a new virtual battlefield web.p… · radicalisation) in the western balkans, commissioned by the...

Summary of the Study on Cyber Security (andOnline Radicalisation) in the Western Balkans

How to prevent online radicalisation in the cyber

security realm of the Western Balkans?

A NEWVIRTUAL battlefield

funded by the EU

This publication is funded by the EU. It reflects only the views of the author(s). The Regional Cooperation Counciland the EU cannot be held responsible for any use which may be made of the information contained herein.

This brochure is based on the study on cyber security (and onlineradicalisation) in the Western Balkans, commissioned by the RegionalCooperation Council, within the IPA II 2016 Regional Action on P/CVE inthe Western Balkans. The main objective of the Study this brochure is based on is to provide acomprehensive overview and analysis of the situation regarding cybersecurity and online radicalisation in Albania, Bosnia and Herzegovina,Kosovo*, Montenegro, Serbia, and The Former Yugoslav Republic ofMacedonia (Western Balkans 6 or WB6), and to providerecommendations for enhancement of cyber security and preventionof online radicalisation.

*This designation is without prejudice to positions on status, and is in line with UNSCR 1244 and the ICJ Opinion on the Kosovo declaration of independence.

INTRO

2015 2 Billionnumber of

internet users in2015

2016

3.8 Billionnumber of internet

users globally in2017or

20226 Billion

expected number ofinternet users by 2022

A NEW VIRTUAL BATTLEFIELDHow to prevent online radicalisation in the cyber security realm of the Western Balkans?

51%of world population

Global online environment overview

20307.6 Billion

is expected growth ofinternet users by 2030

of the world’s 6+y/o populationwill be usinginternet

90%

2017

2.28 Billionnumber of social

media users in 2016worldwide

IMPORTANT POINT!Significant growth recorded

in internet use in theWestern Balkans between2000 and 2017, with the

number of internet usersranging from 66% to 81% of

the population.

n/a

80%

Kosovo * 81%

1.1%

Bosnia andHerzegovina

70%

18.4%

Montenegro

76%

72%

2.5%

12.3%

The Former YugoslavRepublic ofMacedonia

Serbia 66%

0.1%

Albania

YEAR2000

YEAR2017

YEAR2000

YEAR2017

YEAR2000

YEAR2017

YEAR2000

YEAR2017

YEAR2000

YEAR2017

YEAR2000

YEAR2017

70% 66%

rbr ibia

76%donia

1% ofation.

80%

vo *

81%

The F rmrr eepuac

of internet users in theregion:

Regional online environment overview


Contemporary conceptions of cyber security,which largely focus on hard or kineticattacks, such as cyber-attacks andcybercrime, and omit online informationoperations, such as online radicalisation, hatespeech and ‘fake news’, no longer fit thepurpose.

A New Virtual Battlefield - How to preventonline radicalisation in the cyber securityrealm of the Western Balkans ambitiouslyexpands our understanding of cyber securityto encompass both, stemming from a growingawareness by the RCC that the role of theinternet in information operations cannot andshould not be viewed in isolation from otherareas of cyber security.

400Number of reported cybersecurity attacks in theWestern Balkans in 2017

How ready is theregion for thisapproach?


Cyber Security

Eurobarometer survey on mostcommon concerns of internet users:

2015

concerned about themisuse of theirpersonal data

had no concernsabout online bankingor online payments

concerned aboutsecurity of online

payments

43%

42%

18%

2007 - 2013 2014 -2020

334 million 450 million

Between 2007and 2013 the EUinvested €334million in cybersecurity

Planned furtherinvestmentsbetween 2014and 2020 are€450 million

CYBERSECURITY

Computer SecurityIncident ResponseTeams (CSIRTs)

The functions of all the ComputerSecurity Incident Response Teams(CSIRTs) in the WB6 are very similar;however, their levels of functionalityare not consistent across alleconomies. None of the national CSIRTs in theWB6 are standalone agencies, buttheir positioning within governmentsis different across the region.

CSIRT


Cyber Security

BudapestConvention onCybercrime

National CIRT

Law on CyberSecurity

Cyber SecurityStrategy

3rd leveleducation onInformationSecurity

CVE/TerrorismStrategy includesreference tocyber/online

Key Challenges

Ratified200224/7 Point ofContact (POC)

2016

Adopted 2017

Policy acts in lieu,2015-2017

ALBANIA

Ratified200624/7 POC

Very limitedfunctionality2017

BOSNIA ANDHERZEGOVINA

24/7 POC

Strategy andaction plan2016

Technical, financial, expertise and accessing and retention staffing

KOSOVO*


Strategy Adoptedin July 2018

THE FORMERYUGOSLAVREPUBLIC OFMACEDONIA


multi-disciplinary

Strategy andaction plan2018-2021 (2ndstrat.)

MONTENEGRO


Yes, no actionplan2017

SERBIA

2016

2016

2016

2012

Adopted 2010

Adopted 2010

Adopted 2016

Cyber Security


Synopsis ofrelevant information and findings

in respect to each of the WB6CSIRTs: lack of financial investmentcommensurate with the required activity; lack ofsufficient staffing; insufficient technologicalcapacity

Incident reporting: companies in particular fearreputational damage in case of media leaks; lackof confidence in law enforcement; lack ofcapacity to identify attacks when they happen

Investigations and procedures: suffer frominsufficient skills and capabilities

Public private partnerships (PPP): lack oftradition of PPPs in the region; lack of demandfor such initiatives; lack of recognition bygovernments of ICT experts within WB6economies (preference for international experts)

Education: apparent lack of educational policiesfocusing on ICT and related security in the WB6

Media: noted lack of informed reporting on cybersecurity in the majority of the WB6

Brain drain: high rates of migration ofexperienced ICT professionals from the region

Lack of awareness of cyber security risks in theregion


Regional challenges to implementation of Cyber Security Strategy

Online Radicalisation

Violent extremists andterrorists...

...have, for some time, beenutilising the internet tocommunicate, collaborate andconvince which is exactly what theStudy on Cyber Security (andOnline Radicalisation) in theWestern Balkans focuses on. The role of the internet inradicalisation processes is evidentacross the WB6, but personalinteractions remain important.

...claim that ‘radicalisation’ ismostly associated with violentjihadi terrorism and is much lessprevalent in discussions aroundother types of violent extremismand terrorism, such as the extremeright.

All but two WB6 havenational-level strategies...

Critics of contemporaryradicalisation discourse...

...for countering radicalisationand/or violent extremism – but lagbehind in their implementation.

mme

Ana

...anbe

Most significant deficits associated with implementationof strategies for countering radicalisation:

limited appropriatecivil societyparticipation

limited resourcing ofbodies, such as police,and prosecutors inrespect of staffing,technology, andtraining

need for morecareful mediareporting

lack of significantpublic privatepartnerships

lack of educationalpolicies andprogrammes onidentifying risky onlinecontent


At the height of their onlineprowess in 2015, Islamic State (IS)

was producing approximately1,200 items of official content

monthly, including photo arrays,infographics, PDF magazines,and videos. IS are not the only

terrorists active online, of course.

There are a variety of violentextremists and terrorist groups

and their supporters currentlyengaged in a diversity of online

activity.

2015

Infographics

1,200 per month

PDFmagazines

Photoarrays

andvideos

In period 2012-2017 around 1,000individuals (men, women,children, elderly) from theWestern Balkans travelled toSyria and Iraq, out of whomaround 300 returned, more than200 were killed, some 400remained, while some areconsidered missing.

2012-2017

Killed

200

Returned

300

Remained

400

False info is 70% more likely to be retweeted than a true one

False story on average reaches 1,500 people 6 times quicker than atrue story

1500 6x

70%


Online Radicalisation

ONLINEradicalisation

CYBERsecurity

EU Assessment 2018 for Chapters 10 and 24 says Albania ismoderately prepared for information security, and some progresshad been made in relation to the digital agenda action plan and e-government services

Dedicated cybercrime units exist in State Police and GeneralProsecutor’s Office

Majority of cybercrime cases relate to fraud, hacking, onlinestalking, and data interference

Does not have Cyber Security Strategy per se, but the Paper onCyber Security 2015 – 2017 suffices in its absence

Dissemination of extremist messaging has taken place throughdirect communication in about 70% of cases and about 30% via theInternet

Social media are not the most important channel of disseminationof ’extremists’ content in Albania

ALBANIAINTERNET USERS IN DEC 2017

1,932,024

ing, online

roughdirect communication in aboInternet

Social media are not the moof ’extremists’ content in Al

ing taken% o and

mp rtant chanania

g has takof cases a

portant annel of dissof d

Overview per each of the WB6 - Cyber Security and Online radicalisation


There is no culture of information security in BiH yet – lack ofawareness and understanding of potential impacts

EU Assessment 2018 for Chapters 10 and 24 says Bosnia andHerzegovina lacks a strategic [state level] framework to address theissue of cybercrime and cyber security threats. Investigations incybercrime reportedly remain very rare.

In 2017, BIRN located more than 60 websites based in the WesternBalkans promoting the idea of ethnically pure nation states, neo-Nazism,violent homophobia and other radical right-wing policies

Main types of cybercrime include DoS[1] and DDos[2] attacks, internetfraud, unauthorised access to computer systems, credit card scams,wireless network abuse, online child sex abuse-related activity, onlineintellectual property rights violations, social network abuse,distribution of malware, inciting hatred, discord or intolerance, andpublic incitement to terrorism and terrorist propaganda

The Internet widely recognised as having facilitated the establishmentand spread of a wide variety of transnational networks, including Salafiand jihadi networks. Large BiH diaspora, with notable Salafi contingentsin Austria, Germany, the Netherlands, Slovenia, and Sweden, isconnected via the Internet

However, community ties and face-to-face contacts were moreconsequential

A role for the internet in the increased nationalist rhetoric apparent inBiH has also been mooted

[1] In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or networkresource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet[2] A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or networkby overwhelming the target or its surrounding infrastructure with a flood of Internet traffic

ONLINEradicalisationCYBERsecurity

BOSNIA ANDHERZEGOVINA

INTERNET USERS IN DEC 2017 2,828,846



Does not have an overarching law on cyber security, but cyber securitystrategy has been adopted in July 2018

EU Assessment 2018 for Chapters 10 and 24 says Criminal Code of TheFormer Yugoslav Republic of Macedonia is broadly in line with EUstandards, criminalising online child sex abuse and computer crime,amongst other crimes. Digitalisation of the economy is progressing fast

Easy access to extremist and terrorist contentvia the Internet, especially social media

ONLINEradicalisation

CYBERsecurity

Established their national CSIRT in 2016

The majority of cyber-attacks were of DoS and phishing types, butmalware distribution is increasing albeit there is a lack of awareness bymany users of this threat

y

eU,

recorded

cyber-attacksin 2017

75

THE FORMERYUGOSLAVREPUBLIC OFMACEDONIA

INTERNET USERS IN DEC 2017 1,583,315



The most common type of cybercrimes include credit card fraud,fake news (e.g. through forged e-mails to the media), computerintrusion, DDoS attacks, phishing, etc.

EU Assessment 2018 for Chapters 10 and 24 says Kosovo* hasmade some very positive progress in cyber security domain and ithas very good legislation. However, the biggest issue relates toimplementation, which has not yet been done to the levelrequired

The government appointed a 24/7 contact point within thepolice’s cybercrime unit

In addition to significant role of social media, a number of reports onIS-related activity in Kosovo* mention the importance of traditionalmass media in radicalisation and recruitment processes


Relations between the public and private sectors are good,especially in respect to internet service providers. However,cooperation is still not where it could be

Internet played a significant part in Kosovo* foreign fighters’radicalisation processes

IS-produced Albanian-language online content targeted Albanianspeakers in Albania, Kosovo*, and The Former Yugoslav Republic ofMacedonia, but with a particular focus on the Kosovo* context

KOSOVO *INTERNET USERS IN DEC 2017

1,523,373



recorded



2013

2014

2015

2016

2017 (until 1Sept)

TOTAL

ATTACKS ONWEBSITESand IS

ONLINEFRAUD

ABUSE OFSOCIALPROFILES

INAPPROPIRATE CONTENTONLINE

MALWARE OTHER

5

5

6

18

90

124

3

6

17

20

13

59

10

20

37

36

25

128

-

5

19

14

4

42

1

-

17

50

245

313

3

6

36

25

8

78

385

Montenegro is progressing quickly in the area of cyber security from alegislative and policy perspective

EU Assessment 2018 for Chapters 10 and 24 says Montenegro did notinclude a substantive evaluation in relation to cyber and cyber security

In 2017, the Government formed the Information Security Council

Private sector in Montenegro is very progressive in the cyber securityfield, with some IT service providers pioneering in this area for at least15 years

non-violent Salafismviolent takfirism (termed in this report ‘violent jihadism’)

and pan-Slavism and Orthodox extremism

There are three maintypes of extremism inMontenegro:

#3 In terms of the

latter type, some

Montenegrins have

joined the foreign

fighter contingent

in eastern Ukraine.

MONTENEGROINTERNET USERS IN DEC 2017

439,624

dddd



CSIRT is of limited functionality due to the staffing issues

In 2017, BIRN located 30-plus Serbian-language extreme rightwebsites

EU Assessment 2018 for Chapters 10 and 24 says Serbia hadyet to adopt a strategy on cybercrime

The findings of a public opinion survey conducted among youngpeople from Sandžak showed that more than half of respondents(52.6%) viewed online platforms as crucial for dissemination ofextremist views and content

Almost half of respondents (46.7%) in the same survey thought that,in terms of online dissemination, social media platforms were themost important tool for extremist propaganda

Considerably lower numbers of respondents felt that important forthe spread of extremist messaging were “religious objects” (7.1%) orthat such messaging was widespread “in the community” (8.3%)

ON

LINE

radicalisation

The area of information security is seen as a relativelynew field of awareness for the Government, but one thatis seen as a new security challenge

The national CSIRT is located in the Republic Agency forElectronic Communications and Postal Services but anumber of other CSIRTs are also present in Serbia

It has a Special Prosecution Office for the fight againstcybercrime

Good cooperation exists between the private sector andgovernment, for the most part, and it is improving

recorded


20

On

SERBIAINTERNET USERS IN DEC 2017

6,325,816

CYB

ERsecurity

C



Develop cost efficiency strategies and actions plans duringthe planning phase and reinforce such plans with dedicatedfunds

Create and/or improve cyber incident reporting structures

Raise awareness

Leverage existing expertise by creating networks ofinterested parties

Identify and develop Public Private Partnerships (PPP) andbuild synergies

Review educational approach to ICT and Cyber Security

Develop a more strategic approach to regional cooperation,within existing frameworks

Realign support of the international community to thestrategy of the region

Establish a regional centre of excellence

NATIONALLEVEL

REGIONALLEVEL

l approach to ICT and Cyb

rategic approach to reegiomeworks


Recommendations for improvement of Cyber Security

Implement critical thinking into cybersecurity education

Review and develop responses toaddress societal issues that groups orindividuals may try to capitalise on togain support

Review current relationships withprivate sector companies, civil societyorganisations and the media to developspecific actions to improve same

Review strategies and legislation in thearea of CT to ensure attacks oninformation systems are included

Review CT and CVE Strategies to ensureconsistency and complementarity withCyber Security Strategies

Review CVE strategies to ensure greateralignment with the EU Strategy forCombating Radicalisation andRecruitment to Terrorism

Develop a Western Balkan version of theRadicalisation Awareness Network

Develop and adopt a Western BalkansAgenda on Security

Establish a Western Balkans ReferralUnit

Develop better relationships with majortech companies and CT forums

Take an intelligence and evidencedapproach to make access to terroristcontent as difficult and costly aspossible

Ensure a consistent approach toextremism and extremist online content

REGIONALLEVEL

NATIONALLEVEL


Recommendations for improvement of Cyber Security

rcc.int RegionalCooperationCouncil @rccint RCCSec

Regional Cooperation Council Secretariat

Trg Bosne i Hercegovine 1/V

71000 Sarajevo, Bosnia and Herzegovina

+387 33 561 700 +387 33 561 701 [email protected]

Regional Cooperation Council

https://www.rcc.int/

https://www.facebook.com/RegionalCooperationCouncil/

https://twitter.com/rccint

https://www.youtube.com/user/RCCSec

https://www.linkedin.com/company/regionalcooperationcouncil/

a new virtual battlefield web.p… · radicalisation) in the western balkans, commissioned by the...

Documents