A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm of the Western Balkans - Regional Cooperation ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
A NEW VIRTUAL
BATTLEFIELD
How to prevent online radicalisation
in the cyber security realm of the
Western Balkans
Financed by the
European Union 1
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
Good.
Better.
Regional.
A NEW VIRTUAL BATTLEFIELD
- How to prevent online
Title: A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
of the Western Balkans
Publisher: Regional Cooperation Council
radicalisation in the cyber
Trg Bosne i Hercegovine 1/V, 71000 Sarajevo
Bosnia and Herzegovina
Tel: +387 33 561 700; Fax: +387 33 561 701
E-mail: rcc@rcc.int
security realm
Website: www.rcc.int
Authors: Prof. Maura Conway
Sheelagh Brady
Editor: Amer Kapetanovic, RCC
Consulting editor: Zoran Popov, RCC
Design & Layout: Šejla Dizdarević
ISBN: 978-9926-402-11-2
December 2018
©RCC2018 All rights reserved. The responsibility for the content, the views, interpretations and
conditions expressed herein rests solely with the authors and can in no way be taken to reflect the views Sarajevo, December 2018.
of the RCC or of its participants, partners, donors or of the European Union.
2 3
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
TABLE OF CONTENTS
Chapter 2 - Online Radicalization in the Western Balkans..................................................... 63
Executive Summary............................................................................................ 64
Findings and Recommendations..................................................................... 64
Recommendations..................................................................................... 65
Chapter 1 - Cyber Security in the Western Balkans............................................................... 6
National-level recommendations........................................................... 65
Executive Summary............................................................................................. 7
Regional-level recommendations.......................................................... 65
Findings and Recommendations...................................................................... 7
Organisations Interviewed.................................................................................... 67
Recommendations...................................................................................... 8
List of Abbreviations........................................................................................... 68
National-level recommendations............................................................ 8
1. Introduction.................................................................................................. 70
Regional-level recommendations........................................................... 8
1.1 Objectives of the overall study and objective of this report..............................70
Organisations Interviewed.................................................................................... 10
1.2 Information Operations.......................................................................... 71
List of Abbreviations........................................................................................... 11
1.3 Online extremism and radicalisation.......................................................... 72
1. Introduction.................................................................................................. 13
1.4 Methodology....................................................................................... 73
1.1 Objective of the study...........................................................................14
2. Prevalence of Online Extremism and Radicalisation in the WB6..................................74
1.2 Cyber Security.....................................................................................17
2.1. Kosovo*............................................................................................. 75
1.3 Information Operations..........................................................................19
2.2. Bosnia and Herzegovina......................................................................... 76
1.4 Methodology.......................................................................................20
2.3. Albania............................................................................................. 78
2. European Environment................................................................................... 23
2.4. The Former Yugoslav Republic of Macedonia................................................79
2.1 Cyber Security Strategy of the European Union............................................ 23
2.5. Serbia.............................................................................................. 79
2.2 EU Legislation...................................................................................... 25
2.6. Montenegro....................................................................................... 80
2.3 The Budapest Convention on Cybercrime..................................................... 26
2.7. Summing-up....................................................................................... 81
2.4 The Digital Agenda for Europe (DAE).......................................................... 27
3. European and International Environments............................................................ 82
2.5 The European Union Agency for Network and Information Security......................28
3.1. European policy documents and strategies..................................................82
2.6 Additional Programmes and Activities.........................................................29
3.2. EU Legislation..................................................................................... 90
2.7 Funding............................................................................................. 30
3.3. EU agencies and networks...................................................................... 92
3. Cyber Security in the Western Balkans................................................................. 32
3.4. Additional programmes and activities........................................................ 93
3.1 Legislation, strategies, and policies............................................................32
3.5. Funding............................................................................................ 98
3.2 Regional Development Agenda.................................................................. 34
4. Online Radicalisation and Extremism in the Western Balkans.....................................99
3.3 Challenges to operational implementation................................................... 36
4.1. Legislation, strategies, and policies.......................................................... 99
4. Mini Economy Case Studies............................................................................... 42
4.2. Regional Activities............................................................................. 103
4.1 Albania.............................................................................................. 42
4.3 Challenges to operational implementation................................................. 106
4.2 Bosnia and Herzegovina.......................................................................... 44
5. Findings and Recommendations....................................................................... 111
4.3 Kosovo*.............................................................................................. 47
Recommendations................................................................................... 112
4.4 Montenegro........................................................................................ 49
5.1 National-level recommendations............................................................. 112
4.5 Serbia............................................................................................... 52
5.2 Regional-level recommendations............................................................. 113
4.6 The Former Yugoslav Republic of Macedonia.................................................55
5. Findings and Recommendations......................................................................... 58
5.1 National-level recommendations............................................................... 58
5.2 Regional-level recommendations............................................................... 60
*
This designation throughout this document is without prejudice to positions on status, and is in line with UNSCR 1244/1999 and the
ICJ Opinion on the Kosovo declaration of independence
4 5
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
Chapter 1
CYBER SECURITY IN THE
WESTERN BALKANS
7
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
EXECUTIVE SUMMARY
in respect of staffing, technology, and training, proach to cyber security given their broad range
which is negatively impacting investigations and of perspectives, experience, and vision.
procedure; (iv) the lack of significant public-private
Identify and develop Public-Private Partner-
partnerships, despite recognition of their value; (v)
ships (PPP) and build synergies - Effective strat-
the lack of educational policies and programmes on
egies in all policy realms are built on collabora-
Information and Communications Technology (ICT)
tion. Instead of just acknowledging the need for
The main objective of this study is to provide a
comprehensive overview and analysis of the situ-
Findings and and related areas within the WB6.
PPPs within cyber security (and CVE strategies;
ation as regards cyber security in Albania, Bosnia Recommendations The following recommendations are provided to see Vol. 2), significant effort should be put into
and Herzegovina, Kosovo*, Montenegro, Serbia and help address these challenges and to maximise pro- what such partnerships could look like and the
The Former Yugoslav Republic of Macedonia (here- The driving force behind much of the WB6 activity gress in relation to the harmonisation of strategic areas that may most benefit from their establish-
after WB6). Secondly, the study aims, ambitious- in the area of cyber security is the European Union, and legal frameworks. ment. Joint trainings are an obvious first step to
ly, to expand our understanding of cyber security by way of the Cyber Security Strategy of the Euro- building better relationships.
beyond traditional narrow definitions to include pean Union, NIS, and the Digital Agenda for Europe,
information operations, with a focus in this study amongst others. Indicative of the multi-layered ap- Recommendations Review educational approach to ICT and Cyber
Security - The WB6 needs to undertake a com-
on the example of online radicalisation. To do this, proach the EU is taking in this area, the impetus prehensive review of its educational approach to
the researchers have produced a two volume series. for progress on cyber security also stems from the National-level recommendations ICT and cyber security. This should not only en-
This report is Volume 1 of that series and focuses on regional development agenda, such as the Multi-An-
quire into what courses are required and at what
traditional cyber security concerns. nual Action Plan for a Regional Economic Area in the Despite progress in each of the WB6 with regard to
levels, but include a longer term assessment of
Western Balkans (MAP) and the Digital Agenda for cyber security, more needs to be done. The follow-
future needs in this area, and courses devel-
In terms of approach, both desk based research and the Western Balkans. ing recommendations should assist in achieving this.
oped and offered based on this. It should almost
field consultations were conducted. A broad range certainly also include development of not just
of stakeholders were interviewed, from govern- A variety of other documents and actors also play Resource strategies and action plans - A first
step to concretely addressing this is to cost technology-based, but multi-disciplinary pro-
ment, donor communities, the private sector, civil a role including the European Agenda on Security
strategies and actions plans during the planning grammes to insure the competencies to support
society and academia, to ensure breath of differing (2015), the Digital Single Market Strategy (2015);
phase and then to reinforce such plans with ded- better strategic and operational implementation
perspectives are represented. the Communication on Strengthening Europe’s Cy-
ber Resilience System and Fostering a Competitive icated funds. Solely relying on existing resources of cyber security strategy are available.
A common condemnation of the WB6 in the past and Innovative Cyber Security Industry (2016); the and/or donor funds will have significant negative Regional-level recommendations
with regard to their cyber security posture has been Network and Information Security Directive; the EU impacts.
that they do not have efficient institutional mecha- General Data Protection Regulation (GDPR); the Di- Many respondents agreed that progress in cyber
Create and/or improve cyber incident report-
nisms, operational or legislative to adequately ad- rective 2013/40/EU on Attacks Against Information security would benefit from a more joined-up and
ing structures – One method to do this is to make
dress this area. Reasons offered for this included a Systems; the Directive 2011/92/EU on Combating forward thinking regional approach, which would
it easier for citizens and businesses to report cy-
lack of political awareness and limited institutional the Sexual Abuse and Sexual Exploitation of Chil- build on the work and structures of existing region-
ber security incidents. Many companies noted
capacity to recognise the risk. Such criticisms do dren and Child Pornography; the Framework De- al institutions, such as the RCC. This regional ap-
that they did not know how to report an incident,
not appear as valid today, and while the region is in cision on Combating Fraud and Counterfeiting of proach would make better use of scarce resources.
what information they would have to supply, and
no way immune from cyber security risks, the tech- Non-cash Means of Payment (2001); the Budapest Furthermore, it would illustrate a shared political
what and how much they could choose not to
nology and economy gap between the region and Convention on Cybercrime (2001); the Digital Agen- will and proactive approach to cyber security. The
divulge. It is therefore recommended that CSIRTs
Western Europe is said to be far shallower in the da for Europe (DAE); the European Union Agency for following is therefore recommended:
reach out to such organisations and inform them
digital world than in the general economy. In fact, Network and Information Security (ENISA); the EU
about reporting processes and the nature and
the pace of progress in this area in the WB6, while Computer Emergency Response Team (CSIRT-EU); Develop a more strategic approach to regional
type of information that needs to be provided.
not ideal, is not totally at odds with that in many Europol’s Cybercrime Centre; NATO policy and ac- cooperation - It is recommended that develop-
EU countries. tion plan on cyber defence; CyberCrime@IPA and Raise awareness - This could be addressed ing a strategic approach to cyber security should
iProceeds; OSCE; International Telecommunication through a number of different measures, includ- be done within existing frameworks, such as that
Similar to those EU countries too is that the WB6 Union (ITU). ing through formal education and professional of the EU, rather than creating new ones. For
conceive of cyber security narrowly and thus often- training. However, CSOs, community groups, and example, developing a WB6 regional cyber strat-
times limited to attacks that impact specific net- The WB6 have made and continue to make progress private sector providers should also be support- egy, which identifies and sets out regional criti-
works or devices. Yet, malicious attacks are only in harmonising their cyber security legislation and ed to provide information and knowledge in this cal infrastructure, common minimum standards,
one variety of risk. Attacks on cognitive infrastruc- strategies in line with the EU framework. However, area, to ensure a multi-layered approach. a CIWIN, etc. This will help mitigate risk and
ture, on people, society and systems of information considerable deficits still remain in respect to im-
Leverage existing expertise - Creating networks ensure better overall CII protection.
and belief, often referred to as information opera- plementation and operationalisation of practical re-
of interested parties, such as the informal net-
tions or information based attacks are coming more sponses. The most significant challenges are posed Realign support of the international communi-
by (i) the lack of proper resourcing of Computer work initiated by OSCE and implemented by the
to the fore, as malicious actors use online systems ty to the strategy of the region - The support
Security Incident Response Teams (CSIRTs); (ii) low Diplo Foundation and DCAF in Belgrade, or draw-
to exploit vulnerabilities in our information sphere. of the international community is valued in this
levels of incident reporting; (iii) limited resourcing ing on existing associations, such as those within
Volume 2 of this study examines extremism and on- area, as in others, but does not come without
of bodies, such as CSIRTS, police, and prosecutors the private sector, could be a very productive
line radicalisation in this light. criticisms. There is a need for greater discussion
step. Furthermore, such networks of experts
about what areas may benefit from international
could assist in developing a more strategic ap-
8 9
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
ORGANISATIONS INTERVIEWED
support, what support would have the greatest and equipment could be housed within a region-
impact, and related issues. Having a regional al centre of excellence. This would reduce the
strategy would help identify headline issues and, cost to individual economies, yet provide them
in so doing, identify where best to direct such direct access to necessary high level technology,
support. This may help to both alleviate criti- support, and expertise when needed.
cisms about duplication of resources and stream- Interviews were conducted with representatives Ministry of Energy and Infrastructure, Albania
line programmes into priority areas for the re- from the following organisations. Their time, in-
gion. Ministry of Internal Affairs, Montenegro
sights and opinions are greatly appreciated.
Establish a regional centre of excellence - A Ministry of Security, Bosnia and Herzegovina
shared WB6 regional centre of excellence in cy- Academy of Justice, Kosovo*
CIRT, National Authority for Electronic Certifica-
ber security would be of benefit. While this would American Chambers of Commerce, The Former tion and Cyber Security, Albania
not negate the need for basic, yet effective, min- Yugoslav Republic of Macedonia
imum standards of equipment and technology at National Computer Incident Response Team
the economy level, more elaborate technology Balkan Investigative Reporting Network (BIRN) (CSIRT), The Former Yugoslav Republic of Mace-
donia
Belgrade Centre for Security Policy (BCSP), Ser-
bia NESECO, Bosnia and Herzegovina
Bit Alliance, Bosnia and Herzegovina Organized Crime and Corruption Reporting Proj-
ect (OCCRP)
Boga & Associates, Law Firm, Albania
Organization for Security and Co-operation in Eu-
Center for Democracy and Human Rights
rope (OSCE) Albania
(CEDEM), Montenegro
OSCE, The Former Yugoslav Republic of Macedo-
Center for Free Elections and Democracy (CESID),
nia
Serbia
OSCE, Serbia
Center for Investigative Journalism SCOOP, The
Former Yugoslav Republic of Macedonia Republic Agency for Electronic Communications
and Postal Services, Serbia
Central Bank, Montenegro
S&T, Montenegro
Centre for Security Studies, Bosnia and Herze-
govina Specialist on Radicalisation, The Former Yugo-
slav Republic of Macedonia
Cyber Security Specialist, The Former Yugoslav
Republic of Macedonia State Prosecutors of Montenegro
DCAF, Serbia The Centre for Training in Judiciary and State
Prosecution, Montenegro
Diplo Foundation, Serbia
ICT Association, Kosovo*
European Movement in Albania
Tirana Prosecution Office, Albania
General Directorate of State Police, Department
of Economic Crime, Albania Towersnet, Serbia
Institute for Democracy and Mediation (IDM), Al- University of Donja Gorica, Montenegro
bania
University of Pristina
IT Specialist, Albania
IT Specialist, Bosnia and Herzegovina
IT Specialist, Kosovo*
Kosovo* Centre for Security Studies
Kosovo* Forensics Agency
Chamber of Information and Communication
Technologies (MASIT) - ICT Chamber of Com-
merce, The Former Yugoslav Republic of Mace-
donia
Melita Partners, Kosovo*
Ministry of Defence, Bosnia and Herzegovina
10 11
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
LIST OF ABBREVIATIONS
ICM Islamic Community of Montenegro
ICT Information and Communication Technology
IED Improvised Explosive Devices
IISG Integrative Internal Security Governance
AHT Albania Hacker’s Terrorist IMPACT International Multilateral Partnership against Cyber Threats
ALCIRT Albanian National Agency for Cyber Security IOCTA Internet Organised Crime Threat Assessment
AKCESK National Authority for Electronic Certification and Cyber Security IOM International Organisation for Migration
AKSHI National Agency for Information Society IoT Internet of Things
AMC Albanian Muslim Community IP Internet Protocols
AMRES Academic Network of Serbia IPA Instrument for Pre-accession Assistance
BiH Bosnia and Herzegovina IS Islamic State
BSF Belgrade Security Forum ISF Internal Security Fund
CDCT Committee on Counter Terrorism ISP Internet Service Providers
CEAS Centre for Euro-Atlantic Studies ITU International Telecommunication Union
CEF Connecting Europe Facility JHA Justice Home Affairs
CII Critical Information Infrastructure MAP REA Multi-Annual Action Plan for a Regional Economic Area in the Western Balkans
CIP Competitiveness and Innovation Programme MARnet National Academic and Research Network
CIWIN Critical Infrastructure Warning Information Network MIT Massachusetts Institute of Technology
CODEXTER Committee of Experts on Terrorism MOU Memoranda of Understanding
CSDP Common Security and Defence Policy NCCVECT National Committee for Countering Violent Extremism and Countering Terrorism
CSIRT Computer Emergency Response Team NAEC National Authority for Electronic Certification
CSO Civil Society Organisation NATO North Atlantic Treaty Organization
CVE Countering Violent Extremism NBS National Bank of Serbia
DAE Digital Agenda for Europe NGO Non-Governmental Organisations
DCAF Geneva Centre for the Democratic Control of Armed Forces NIS Network and Information Security Directive
DDoS Distributed Denial-of-Service OTA Operational Technical Agency
DOS Denial of Service PCVE Preventing and Countering Violent Extremism
DSIs Digital Service Infrastructures POC Point of Contact
EC European Commission PPP Public-Private Partnership
ECI European Critical Infrastructure RAN Radicalisation Awareness Network
EC3 Europol’s Cybercrime Centre RATEL Republic Agency for Electronic Communications and Postal Services
ECTC Europol’s European Counter Terrorism Centre RCC Regional Cooperation Council
EKIP Agency for Electronic Communications and Postal Services R&D Research and Development
ENISA European Union Agency for Network and Information Security RUSI Royal United Service Institute
ESI European Structural and Investment SIPA State Investigation and Protection Agency
EU European Union TDO The Dark Lord
EUIF European Union Internet Forum TSO Transmission System Operators
EUIRU Europol’s Internet Referral Unit UK United Kingdom
FP7 7th Framework Programme UN United Nations
GCA Global Cybersecurity Agenda UNCTC United Nations Counter Terrorism Committee
GDPR General Data Protection Regulation UNCTED United Nations Counterterrorism Executive Directorate
GIFCT Global Internet Forum to Counter Terrorism UNDP United Nations Development Programme
HLCEG-R High-Level Commission Expert Group on Radicalisation UNODC United Nations Office on Drugs and Crime
H2020 Horizon 2020 Research and Innovation Framework Programme WBBSi Western Balkan Border Security initiative
IAP International Association of Prosecutors WBCSi Western Balkan Counter Serious Crime initiative
ICITAP International Criminal Investigative Training Awareness Program WBCTi Western Balkan Counter-Terrorism initiative.
12 13
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
cyberspace. They are a top concern of commercial security, which largely focus on hard or kinetic
and governmental defenders; Cyber-war is enter- attacks, such as cyber attacks and cybercrime,
ing dynamically into cyberspace creating increased and omit online information operations, such
concerns to critical infrastructure operators, espe- as online radicalisation, hate speech and ‘fake
cially in areas that suffer some sort of cyber crises.6 news’, are fit for purpose.
It is important and timely therefore to ques-
tion if our contemporary conceptions of cyber
6 ENISA (2018). ENISA Threat Landscape Report 2017, p.7.
Table 1. Growth in internet use in the WB6 between 2000 and 2017
2000a 2017b
ALBANIA .1% 66%
BOSNIA AND HERZEGOVINA 1.1% 81%
KOSOVO* ----- 80%
THE FORMER YUGOSLAV REPUBLIC OF 2.5% 76%
MACEDONIA
MONTENEGRO 18.4% 70%
SERBIA 12.3% 72%
1. INTRODUCTION Sources: a Internet Live Stats (2018). ‘Internet Users’: http://www.internetlivestats.com/internet-users/;
b
Internet World Stats (2017). ‘Europe’: https://www.internetworldstats.com/europa2.htm.
There were 3.8 billion internet users globally in 2017, in the offline world holds for cybercrime too.4 Multi-Annual Action Plan on Regional Economic Area
an increase from 2 billion in 2015. That equates to Braithwaite claimed that as the population increas- 1.1 Objective of the study (MAP REA).8
approximately 51% of the world’s population. It is es so too does the crime rate (per capita). If the
At the same time, this study also aims, ambitiously,
predicted that the number of users will rise to 6 increase in internet users and targets has the same The WB6 witnessed significant growth in internet
to expand our understanding of cyber security to en-
billion by 2022 and 7.6 billion by 2030, equating to impact as population growth in the offline world, use between 2000 and 2017 (see Table 1). The main
compass not just cyber attacks and cybercrime, but
approximately 90% of the world’s population 6 years one would expect to see a significant and continuing objective of this study is to provide a comprehen-
also cyber influence operations. These ‘hard’ (i.e.
old and above. Coupled with increasing numbers of increase in cyber attacks. Findings from the Euro- sive overview and analysis of the situation as regards
cyber attacks, including cybercrime) and ‘soft’ (i.e.
users is an increased volume of activity on the in- pean Union Agency for Network and Information Se- cyber security in Albania, Bosnia and Herzegovina,
‘fake news’, online radicalisation, etc.) aspects of
ternet. For example, the first website was launched curity (ENISA) may be emerging evidence that this Kosovo*, Montenegro, Serbia, and The Former Yugo-
malicious cyber activity are often treated separate-
in 1991; today there are over 1.2 billion websites in is already happening. In their 2017 review, ENISA slav Republic of Macedonia (hereafter WB6). Table
ly from each other, with attention to ‘hard’ issues
existence.1 In 2016 there were approximately 2.28 noted that the “complexity of attacks and sophisti- 2 provides a synopsis of relevant information and
privileged over ‘soft’. The genesis of our combined
billion social media users worldwide; this is estimat- cation of malicious actions in cyberspace continue findings in respect to each of the WB6 and Cyber
approach stems from a growing awareness by the
ed to grow to 2.77 billion in 2019, and 3 billion by to increase”.5 The greater number of users—in this Security. The aim, in part, of this is to assess how
Regional Cooperation Council (RCC) that the role of
2021.2 In fact, Microsoft suggest that data volumes case, targets—is also likely to have an impact on the the WB6 compare in respect to the European Un-
the internet in information operations cannot and
online will be 50 times greater in 2020 than they level, and probably also sophistication, of cyber in- ion’s activities in this area. This is timely, given the
should not be viewed in isolation from other areas of
were in 2016. While Intel claims that, given ‘big fluence operations, including by states, extremists, European Commission’s (EC) launch of the Digital
cyber security. The realm of cyber influence opera-
data’ and the Internet of Things (IoT), the number and terrorists, and a variety of other information Agenda for the Western Balkans in June 2018, which
tions is murky, difficult to research and only recent-
of smart devices will have grown from 2 billion in entrepreneurs, such as online purveyors of so-called aims to “support the transition of the region into a
ly receiving sustained attention from researchers,
2006 to 200 billion by 2020.3 ‘fake news’. ENISA (2017) noted that: digital economy and bring the benefits of the digi-
policymakers, media, and others. It is impossible
tal transformation, such as faster economic growth,
to adequately treat all of its various aspects in a
These statistics and projections are important, es- Monetization of cybercrime is becoming the main more jobs, and better services”7, by focusing on
study of this nature. The focus in this study is there-
pecially if Braithwaite’s assertion as regards crime motive of threat agents, in particular cyber-crimi- areas such as (i) lowering roaming charges (ii) con-
fore on a single key example of contemporary in-
nals. They take advantage of anonymity offered by nectivity (iii) cyber security, trust and digitalisation
fluence operations: online radicalisation, where the
the use of digital currencies; State-sponsored actors of industry (iv) digital economy and society, and (v)
internet is leveraged to gain sympathy and attract
are one of the most omnipresent malicious agents in research and innovation. Having an effective cyber
1 Morgan, S. (2017). ‘Cybercrime Damages $6 Trillion By 2021’, supporters for a variety of extremist and terrorist
Cybersecurity Ventures, 16 Oct.: https://cybersecurityventures. security framework is also imperative for achieving
4 Braithwaite, J. (1975) ‘Population Growth and Crime’, causes. This stems from an understanding that on-
com/hackerpocalypse-cybercrime-report-2016.
Australian and New Zealand Journal of Criminology, 8(1).
the commitments made by WB6 leaders in 2017’s
2 Statistica (2018). ‘Number of Social Network Users Worldwide
5 See ENISA (2018). ENISA Threat Landscape Report 2017: 7 European Commission (2018). ‘European Commission 8 See RCC (2018). ‘Multi-Annual Action Plan for a Regional
from 2010 to 2021 (in Billions)’: https://www.statista.com/
15 Top Cyber-Threats and Trends, Heraklion, Greece: ENISA: Launches Digital Agenda for the Western Balkans’, Press Economic Area in the Western Balkans’: https://www.rcc.int/
statistics/278414/number-of-worldwide-social-network-users.
https://www.enisa.europa.eu/publications/enisa-threat- Release, 25 June: http://europa.eu/rapid/press-release_IP-18- priority_areas/39/multi-annual-action-plan-for-a-regional-
3 Morgan (2017). ‘Cybercrime Damages $6 Trillion By 2021’. landscape-report-2017. 4242_en.htm. economic-area-in-the-western-balkans--map.
14 15
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
line terrorist activity has to-date focused less on tions. The first section discusses the relevant litera-
Communications
Republic Agency
conducting cyber terrorism and more on leveraging tures, including definitional choices, and supplies a
and Postal Ser-
no action plan
Adopted 2016
for Electronic
cyber spaces and tools for other purposes, including brief rundown of our methodology. The second sec-
24/7 POC
Ratified
SERBIA
radicalisation, recruitment, attack planning, and tion identifies EU legislative instruments, policies,
vices
2017
2009
2016
ü
ü
ü
ü
û
û
similar. Such an understanding on the part of the and organisations that have influenced the WB6’s
RCC has motivated them to commission this study in cyber security posture. Section three treats cyber
order to identify the linkages and overlaps between security in the WB6 as traditionally or narrowly
traditional narrow understandings of cyber security defined, so having an emphasis on cyber attacks,
and a new and more expansive approach that takes cybercrime, and related issues. Section four is com-
multi-disciplinary
Ministry of Public
Strategy and ac-
Administration
2018-2021 (2nd
MONTENEGRO
Adopted 2010
‘soft’ cyber security issues, such as online radical- posed of mini-cases studies of all WB6 economies,
24/7 POC
tion plan
isation, seriously. This bridging of the existing con- presenting the main actors responsible for cyber se-
Ratified
strat.)
Technical, financial, expertise and accessing and retention staffing
2012
2010
ceptual gap will, the RCC believes, assist them in curity in each economy, their keys activities, and
ü
ü
ü
ü
implementation of their commitments in the cyber existing challenges in this area. Volume two applies
security domain, including their responsibilities in a similar structure as it pertains to violent online
preventing and countering (online) violent extrem- extremism, the terrorism-internet nexus, and on-
ism and terrorism. line radicalisation from the WB6 perspective. Each
GOSLAV REPUBLIC
Strategy Adopted
THE FORMER YU-
tronic Communi-
report ends with conclusions and recommendations.
Agency for Elec-
OF MACEDONIA
in July 2018
To do this, the study is divided into two volumes;
24/7 POC
Ratified
cations
this is the first volume. It is divided into five sec-
2016
2004
ü
ü
ü
Table 2. Synopsis of relevant information and findings in respect to each of the WB6 and Cyber Security
û
û
tronic and Postal
Communications
Strategy and ac-
thority for Elec-
Regulatory Au-
Adopted 2010
24/7 POC
KOSOVO*
tion plan
2016
2016
ü
ü
ü
ü
ü
Very limited func-
BOSNIA AND HER-
Ministry of Secu-
ZEGOVINA
24/7 POC
tionality
Ratified
2017
2006
rity
ü
ü
û
û
û
24/7 Point of Con-
Policy acts in lieu,
Certification and
National Author-
ity of Electronic
Cyber Security
Adopted 2017
tact (POC)
2015-2017
ALBANIA
Ratified
2002
2016
ü
ü
ü
ü
û
includes reference to cyber/
3rd level education on Infor-
Critical Information Infra-
Budapest Convention on
Cyber Security Strategy
CVE/Terrorism Strategy
Law on Cyber Security
structure Defined
mation Security
Key Challenges
CIRT Location
National CIRT
Cybercrime
online
16 17
A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
1.2 Cyber Security licious individuals and groups are aware that in- the World Bank’s Balkans Digital Highway Initiative16,
it is pertinent for the WB6 to follow suit and set out
critical infrastructures, technology, and users, es-
pecially because a large proportion of CI is owned
creased global digitalisation provides opportunities
to them worth maximising. Targets are also many and define what could be considered regional crit- by private companies, such as telecommunications
Cyber security9 is often described as the process of
and varied. Particular threats are posed by attacks ical infrastructure. For example, a shared regional service operators, banks, and transmission system
protecting online systems, networks, information/
on critical infrastructure, but are not restricted to utility infrastructure could significantly benefit the operators (TSOs). They too have responsibility in
data and programmes from digital attack. More region, both from a user and economic perspective. the area of cyber security. Worth noting, further, is
specifically, the EU defines it as: these, and can include informational attacks on
Bosnia and Herzegovina and Serbia have yet to for- that cyber security does not only relate to protec-
elections, social cohesion, and the like.
mally define CII in their legislation or strategies, tion against man made attacks, but includes pro-
[T]he safeguards and actions that can be used to but the remainder of the WB6 have definitions in- tection of ICT infrastructure from all threats and
protect the cyber domain, both in the civilian and The European Union defines Critical Infrastructure cluded in their cyber security strategies. risks, such as those stemming from natural disas-
military fields, from those threats that are asso- as an: ters and unforeseen circumstances.
ciated with or that may harm its interdependent A sub-category of critical infrastructure is Critical
networks and information infrastructure. Cyber Se- [A]n asset, system or part thereof located in Mem- Information Infrastructure (CII), defined as “ICT That said, not all, or even most, cyber attacks tar-
curity strives to preserve the availability and integ- ber States which is essential for the maintenance systems that are Critical Infrastructures for them- get critical infrastructure. Instead of being matters
rity of the networks and infrastructure and the con- of vital societal functions, health, safety, security, selves or that are essential for the operation of of national security, many breaches of cyber se-
fidentiality of the information contained within.10 economic or social well-being of people, and the Critical Infrastructures (telecommunications, com- curity are of a more routine criminal nature, ex-
disruption or destruction of which would have a sig- puters/software, Internet, satellites, etc.)”.17 Gov- cept having a significant online component. Many
nificant impact in a Member State as a result of the ernments therefore have a key role in ensuring the such incidents fall into the category of cybercrime.
Adopted in this study however is Von Solms and Van
failure to maintain those functions.12 security of cyberspace, similar to their responsibili- Cybercrime is described in Europol’s Internet Or-
Niekerk’s (2012) much wider definition of cyber se- ties for critical physical infrastructure in the offline ganised Crime Threat Assessment (IOCTA) “as any
curity as: world. However, to do this, cooperation between crime that can only be committed using computers,
Such critical infrastructures are often highly inter-
countries, both at regional and international lev- computer networks or other forms of information
[T]he protection of cyberspace itself, the electron- connected and mutually dependent, both physical-
els, is required. An example of this at the European communication technology (ICT). In essence, with-
ic information, the ICTs that support cyberspace, ly and technologically. Therefore, when one is tar- level is the Critical Infrastructure Warning Informa- out the internet these crimes could not be com-
and the users of cyberspace in their personal, so- geted it can have serious repercussions for others tion Network (CIWIN). The CIWIN, which has been mitted”.19 These include online scams, malware,
cietal and national capacity, including any of their too. The scale and scope of this can vary from being running since 2013, was developed as: ransomware, email bombing, virus dissemination,
interests, either tangible or intangible, that are quite localised to reaching far beyond domestic or logic bombs, electronic money laundering, sales
vulnerable to attacks originating in cyberspace.11 regional borders.13 In addition to defining critical [A] Commission owned protected public internet and investment fraud, eavesdropping and surveil-
infrastructure generally, Directive 2008/114/EC of based information and communication system, of- lance, hacking, cyber stalking, cyber bullying,
This definition illustrates how cyber security is far the Council of the European Union also defined ‘Eu- fering recognised members of the EU’s CIP com- identity theft, and child soliciting and abuse.
more complex than just its information and/or ICT ropean Critical Infrastructure (ECI)’ as: munity the opportunity to exchange and discuss
security components. It includes, in addition, the CIP-related information, studies and/or good prac- It has been difficult to obtain verified statistics
[C]ritical infrastructure located in Member States tices across all EU Member States and in all rele- and information on cyber attacks and cybercrimes
security and even wellbeing of users and the secu-
vant sectors of economic activity.18 in the WB6. Those that are available are generally
rity and protection of their assets that can be ac- the disruption or destruction of which would have
not directly comparable as they do not only always
cessed or reached via cyberspace. Cyber security, a significant impact on at least two Member States. The WB6 may benefit from a similar network. Dia- include the same types of crime. This is evident in
on this definition, stretches from protection of crit- The significance of the impact shall be assessed in logue and cooperation with the private sector and the difference in the number of incidents reported
ical infrastructures be it international, regional, terms of cross-cutting criteria. This includes ef- civil society is critical to ensuring both policy and in Table 3, which shows those statistics that are
national, or local, such as the electric power grid fects resulting from cross-sector dependence on operational success given the interconnectivity of available. This lack of statistics is interesting in it-
and air traffic control systems to the security of other types of infrastructure. 14 self as it illustrates that the WB6’s CSIRTs are not
individual internet users – such as via limiting their 16 “The World Bank Balkans Digital Highway Initiative is a new yet functioning at a level that facilitates reliable
study that will investigate whether it is possible to improve the monitoring, recording, and reporting. The lack of
exposure to online bullying; cybercrime, including In light of the Digital Agenda for the Western Bal- regional interconnectivity in the Western Balkans and increase
online fraud and extortion; or online radicalisation kans, the EU’s digital single market strategy,15 and access to the Internet for people by establishing a regional
statistics should not be seen as the absence of at-
– but while also protecting those same users’ digi- broadband internet infrastructure over transmission grids of tacks nor solely the fault of CSIRTs, however. There
state-owned energy companies. The initiative may pave the is a high degree of underreporting of cyber attacks
tal rights and freedoms. In terms of threat actors, 12 Council Directive 2008/114/EC (2008) on The Identification
and Designation of European Critical Infrastructures and the
way for the first joint collaboration on digital connectivity globally not just in the WB6, which makes gathering
hostile states, terrorists, criminals, and other ma- among Albania, Bosnia and Herzegovina, The Former Yugoslav
Assessment of the Need to Improve Their Protection, 8 Dec., reliable statistics difficult. Furthermore, organisa-
Republic of Macedonia, Kosovo,* Montenegro, and Serbia, if the
9 There are a very large number of definitions of cyber security
p. 3: https://eur-lex.europa.eu/legal-content/EN/TXT/
assumptions on the significance of optical fiber assets owned
tions, both private and public, are often unaware
PDF/?uri=CELEX:32008L0114&from=EN. that they have been the victim of attack and thus
available in policy documents, the academic literature, etc. It by the operators of transmission systems are justified from an
is not within the remit of this report to argue the merits or 13 Rinaldi, S.M., Peerenboom, J.P., and Kelly, T.K. (2001). economic, technical, and regulatory point of view.” See World have nothing to report. Given the lack of statistics
demerits of these various approaches, which would require a ‘Identifying, Understanding, and Analysing Critical Infrastructure Bank (2017). ‘Brief: Balkans Digital Highway Initiative’, 9 May: and in an effort to highlight the type, scale, and
whole study in itself. Interdependencies’, IEEE Control Systems, 21(6). http://www.worldbank.org/en/country/kosovo/brief/balkans- scope of incidents in the region, Table 4 illustrates
digital-highway-initiative.
10 European Commission (2013). Cyber Security Strategy of 14 Council Directive 2008/114/EC (2008) on The Identification a selection of cyber incidents discussed in WB6 me-
the European Union: An Open, Safe and Secure Cyberspace, and Designation of European Critical Infrastructures, p.77. 17 European Commission (2005). ‘Green Paper: European dia between 2013 and 2018.
Brussels: High Representative of the European Union for Programme for Critical Infrastructure Protection’, 17 Nov.,
15 “The Digital Single Market denotes the strategy of the
Foreign Affairs and Security Policy, p. 3: http://eeas.europa. p. 19: https://eur-lex.europa.eu/legal-content/EN/TXT/
European Commission to ensure access to online activities for
eu/archives/docs/policies/eu-cyber-security/cybsec_comm_ PDF/?uri=CELEX:52005DC0576&from=BG.
individuals and businesses under conditions of fair competition,
en.pdf.
consumer and data protection, removing geo-blocking and 18 For more information, see the Critical Infrastructure 19 Europol (2017). Internet Organised Crime Threat Assessment
11 Von Solms, R. and Van Niekerk, J. (2012). ‘From Information copyright issues”. See European Commission (2018), ‘Shaping Warning Information Network’s (CIWIN) webpage at https:// 2017 (IOCTA 2017), The Hague: Europol, p.18: https://www.
Security to Cyber Security’, Computers & Security, Vol. 39, the Digital Single Market’: https://ec.europa.eu/digital-single- ec.europa.eu/home-affairs/what-we-do/networks/critical_ europol.europa.eu/sites/default/files/documents/iocta2017.
p.101. market/en/policies/shaping-digital-single-market. infrastructure_warning_information_network_en. pdf.
18 19A NEW VIRTUAL BATTLEFIELD - How to prevent online radicalisation in the cyber security realm
Table 3. Reported Cyber Security Incidents 2017 financially motivated cybercriminals versus a hos- reach 1,500 people six times quicker on average study for two reasons. First, the distinction goes to
tile state or its proxies), the motives for attacks than a true story does, outperforming on every sub- the heart of the issue as regards traditional narrow
ALBANIA NA – especially national or global-level attacks – are ject – including terrorism and war.26 Investigations conceptions of cyber security, which focus on the
BOSNIA AND HERZEGOVINA thus often a matter for debate and/or remain ob- are still continuing, but it is interesting to reflect cyberterrorism threat, while ignoring what has thus
NA
scure. McAfee, announcing their June 2018 Labs that it remains unclear that anyone involved in far turned out to be the greater threat: everyday
KOSOVO* NA Threat Report, reported a 31% decline in new mal- the Veles online operation actually broke the law. terrorist use of the internet. Second, there is no
ware, but noting that threat actors were evolving Nonetheless, these WB6-based information ‘entre- evidence to suggest that an incident of cyberter-
MONTENEGRO 385a rorism has occurred or is imminently likely in any of
their technologies to do things better.23 preneurs’ illustrate how together the power of so-
SERBIA 20b 22 the WB6, but there is ample evidence of extremist
cial media, digital advertising revenue, and politi-
and terrorist internet use, which will be discussed
THE FORMER YUGOSLAV
REPUBLIC OF MACEDONIA
72c 23 1.3 Information Operations cal partisanship can produce a toxic brew.27
in more detail in Volume 2.
In terms of online information operations and the
Sources: a Government of Montenegro (2017). Cy-
As the preceding discussion illustrates, when pol-
icymakers, media, and publics discuss cyber se-
(cyber) security risks posed by these, fake news is 1.4 Methodology
bersecurity Strategy of Montenegro, 2018 – 2021, an emerging area of policy concern and academ-
curity they generally think about attacks that im- ic research. We know considerably more, how- This research employed a mixed methods approach,
Podgorica: Ministry of Public Administration, p.
pact specific networks or devices. Malicious cyber ever, about violent extremists and terrorists who which allowed for the combination of data from a
20: http://www.mju.gov.me/ResourceManager/
attacks are only one variety of cyber risk howev- have, for some time, been utilising the internet to variety of different sources. The process was broken
FileDownload.aspx?rid=305198&rType=2&file=-
er. Information operations or information-based “communicate, collaborate and convince” and it is down into three phases: (i) desk-based research,
Cyber%20Security%20Strategy%20of%20Montene-
‘attacks’, on the other hand, focus on “cognitive their activities that will be concentrated on in this (ii) field assessment and consultation, and (iii) re-
gro%202018-2021%20eng.pdf; b Statistical Office
infrastructure, on people themselves, on society, study.28 Treatment of terrorist use of the internet as port writing. Given that the topics under review
of the Republic of Serbia Statistical Release SK12,
and on systems of information and belief”.24 The a cyber security issue may seem unremarkable, ex- (i.e. cyber security as traditionally conceived and
Number 193 • Year LXVIII, 16.07.2018, Judiciary sta-
power of strategies of disinformation and misinfor- cepting that it’s not so-called ‘cyberterrorism’ that information operations, with a particular focus on
tistics, p. 6: http://publikacije.stat.gov.rs/G2018/ is focused on herein. Terrorism and the internet
mation to manipulate is coming more to the fore, extremism, terrorism and online radicalisation) are
PdfE/G20181193.pdf; c ‘Macedonia 2018 Crime & intersect in two main ways. NATO’s Tallinn Manu-
especially in the context of so-called ‘fake news’. generally viewed as distinct, our initial approach
Safety Report’: https://www.osac.gov/Pages/Con- al describes ‘cyber terror’ as “[c]yber attacks, or
Algorithms, clickbait, advertising, and social me- to the desk-based research was two-pronged: we
tentReportDetails.aspx?cid=23844.20 21 the threat thereof, the primary purpose of which
dia give fake news producers access to data and undertook a separate literature review and docu-
analytics on content performance and visitor de- is to spread terror among the civilian population”.29 ment analysis in respect of each of cyber security
In 2017, Europol reported that the most common The cyberterrorism threat is often portrayed via
mographics, which are very powerful commodities. and online radicalisation. Each was then examined
attacks utilised a particular type of malware known worst case scenarios, from using cyber means to
These are being used to exploit vulnerabilities in to identify linkages and overlaps between them. All
as ransomware.22 Ransomware is a type of malicious shut down the electric power grid to contaminat- relevant issues were then followed-up in the field
our information systems. A wide variety of mali-
software or ‘malware’ that upon infecting a sys- ing a major water supply.30 Everyday terrorist use research in the WB6.
cious actors, from states with traditional geopolit-
tem locks or encrypts victims’ data and threatens of the Internet, including for publicity, radicali-
ical interests to financially-motivated information sation, recruitment, financing, coordination, at-
to permanently block access to it unless a ransom is entrepreneurs, are today weaponising the Internet, All interviews, excepting four conducted via Skype,
paid. The May 2017 WannaCry and June 2017 Petya/ tack-planning, and a variety of other purposes, is were carried out in the WB6 in May and June 2018.
particularly social media, to forward their goals. much more commonplace however. This differen-
NotPetya ransomware attacks impacted globally; Forty-five interviews were conducted in total; all
tiation between cyberterrorism and terrorist use
lower-level ransomware attacks on small firms and Take, for example, the town of Veles in The For- were semi-structured in nature. Of these, nine
of the internet31 is important in the context of this
individuals are increasingly commonplace however, mer Yugoslav Republic of Macedonia. It came to were conducted in respect to Albania, eight in Bos-
as are the use of other types of malware, includ- prominence in 2016, just before the US Presidential 26 Vosoughi, S., Roy, D., and Aral, S. (2018). ‘The Spread of
nia and Herzegovina, seven in Kosovo*, seven in
ing banking Trojans, and a wide variety of phishing Election. Young people from the town were alleged True and False News Online’, Science, 359(6380). See also Meyer, Montenegro, seven in The Former Yugoslav Republic
scams. It’s worth noting here that it is often diffi- to have made considerable sums of money flood- R. (2018). ‘The Grim Conclusions of the Largest-Ever Study of of Macedonia, and seven in Serbia. To ensure inclu-
cult, due to the similar tools and techniques used,
Fake News’, The Atlantic, 8 March: https://www.theatlantic. sion of a wide breath of perspectives, stakeholders
ing the internet with viral content, much of which com/technology/archive/2018/03/largest-study-ever-fake- from five key fields were initially targeted: govern-
to attribute cyber attacks to particular actors (e.g. was untrue, supporting Donald Trump.25 Research- news-mit-twitter/555104/.
ment, donor communities, the private sector, civil
ers from the Massachusetts Institute of Technology 27 Kirby, E.J. (2016). ‘The City Getting Rich from Fake society, and academia. A thematic guide, based on
20 Criminal offences against safety of computer data, (MIT) found that false information is 70% more like- News’, BBC News, 5 Dec.: https://www.bbc.com/news/
magazine-38168281.
the literature reviews, was developed for the in-
consisting of damaging computer data and programmes (4); ly to be retweeted than fact, and that false stories terviews to ensure consistency across them. A com-
computer sabotage (1); computer fraud (11); unauthorised 28 Von Behr, I., Reding, A., Edwards, C., and Gribbon, L.
access to secured computer, computer network and electronic 23 Beek, C., Dunton, T., Grobman, S., Karlton, M., Minihane, (2013). Radicalisation in the Digital Era: The Use of the Internet
bination of thematic and content analysis was then
data processing (3); unauthorised use of computers or computer N., Palm, C., Peterson, E., Samani, R., Schmugar, C., Sims, in 15 Cases of Terrorism and Extremism, Brussels: RAND Europe, conducted. This allowed for flexibility, whilst still
network (1). In Statistical Office of the Republic of Serbia R., Sommer, D., and Sun, B. (2018). McAfee Labs Threats p. 3 and p.31: https://www.rand.org/content/dam/rand/pubs/ producing rich, detailed, and complex description
Statistical Release SK12, Number 193 • Year LXVIII, 16.07.2018, Report, June, Santa Clara, CA.: McAfee: https://www.mcafee.
research_reports/RR400/RR453/RAND_RR453.pdf. of the data. A similar thematic interview model was
Judiciary statistics, p. 6: http://publikacije.stat.gov.rs/G2018/ com/enterprise/en-us/assets/reports/rp-quarterly-threats-
PdfE/G20181193.pdf jun-2018.pdf. 29 NATO Cooperative Cyber Defense Centre of Excellence used during all interviews. The interviews were not
(2013). Tallinn Manual on the International Law Applicable to electronically recorded, but detailed notes were
21 In 2017, there were 72 documented cybercrime offenses 24 Morgan, J. and DiResta, R. (2018). ‘Information Operations
in The Former Yugoslav Republic of Macedonia, with damage are a Cybersecurity Problem: Toward a New Strategic Paradigm
Cyber Warfare, Cambridge, UK: Cambridge University Press, taken throughout. All interviewees were provid-
p.104. ed with a unique code to ensure anonymity, codes
and illegal access to computer systems being the most common, to Combat Disinformation’, Just Security, 10 July: https://www.
followed by computer fraud. See US Department of State, Bureau justsecurity.org/59152/information-operations-cybersecurity- 30 Conway, M. (2017). ‘Determining the Role of the Internet in ranged from RB1 to RB45.
of Diplomatic Security (2018). ‘Macedonia 2018 Crime & Safety problem-strategic-paradigm-combat-disinformation. Violent Extremism and Terrorism: Six Suggestions for Progressing
Report’: https://www.osac.gov/Pages/ContentReportDetails. Research,’ Studies in Conflict & Terrorism, 40(1), pp.’s 77-98.
25 Subramanian, S. (2017). ‘Inside the Macedonian Fake-news Given the scale and scope of this project, a snow-
aspx?cid=23844
Complex’, Wired, 15 Feb.: https://www.wired.com/2017/02/ 31 Conway, M. (2017). ‘Determining the Role of the Internet in balling method of sampling was used when decid-
22 Europol (2017). IOCTA 2017, p.10. veles-macedonia-fake-news/. Violent Extremism and Terrorism’, pp.’s 77-98.
20 21You can also read
