In 2020, 2 million euros were stolen from Kosovo’s state treasury in a cyberattack in which a fake user account gained access to the system where Kosovo’s state budget was managed. A year later, shortly after Kosovo’s 2021 elections, another cyberattack targeted websites of institutions including Kosovo’s Ministry of Finance and disrupted the tax department, which was working with the Ministry of Finance to read property tax invoice data. 

Cybercrime and cyberattacks like these have reshaped the security landscape in Kosovo. Such attacks include hacks of government systems, banking institutions, private companies and private individuals, causing mass disruptions to economic activity, delivery of basic services, state functioning and regular people’s daily lives. 

Growing reliance on digital networks and online services — among governmental institutions, private companies, nongovernmental organizations and individuals — has increased Kosovo’s vulnerability to cyberattacks and dependence on fragile digital defenses. In Kosovo and beyond, everything from financial transactions to power grids relies on digital infrastructure like data centers, cloud services and communication networks. That reliance incentivizes malign actors to target this infrastructure. 

Threats now range from ransomware attacks to state-sponsored hacking and disinformation campaigns, each posing substantial risks to national security and economic stability. Attacks can be perpetrated by foreign adversaries or politically-motivated groups seeking to influence elections or destabilize societal trust. They can also be carried out by financially-motivated state or non-state criminal actors.

In Kosovo, the lack of cybersecurity experts, lack of public awareness about risks and reporting mechanisms like those created by Kos-CERT, the National Cyber Security Unit, plus poor coordination among institutions, means that cyberattacks have historically encountered minimal obstacles.

Kosovo isn’t alone in grappling with how to respond; in 2024, global cybercrime cost the world $9.5 trillion, more than the economy of every country except for the U.S. and China. But these attacks underscore how important it is for Kosovo’s security sector to take stronger defensive measures. In such a threat environment, the sector must be agile and forward-looking, prepared to face modern threats that transcend national borders. Is it up for the challenge?

A government plan

Kosovo’s National Cyber ​​Security Strategy 2023-2027 presents a plan of strategic directions, approaches and objectives approved by Kosovo’s government on improving the security and sustainability of national infrastructure and services. It aims to create a cybersecurity approach rooted in national objectives and priorities to be achieved between 2023 and 2027. 

The strategy declares that “Kosovo will create a safe and stable online environment for all citizens, businesses and government, working to reduce vulnerabilities and develop skills and capacities to address cybersecurity issues by preventing and minimizing harm.” This is to be done by working on the legal framework and methods to identify all critical information infrastructure entities and ensure that they have the capacities needed for reducing cyber risks. 

Next, the strategy calls for creation of a clear framework for cooperation with other countries to prevent, detect, alert and address cyber incidents. This includes promoting international cooperation on cybersecurity and cooperation on combating cybercrime, along with using diplomacy to coordinate efforts to counter cyber aggression, also known as cyber diplomacy. 

The strategy further calls for protecting critical information infrastructure, essential services and the community by safeguarding government data, systems and networks. Additionally, it spells out the need for creating mechanisms, guidelines and forums to help businesses meet cybersecurity standards, promote cybersecurity startups and attract investment and develop and maintain cybersecurity capacity-building, like training for officials. It also details the need for a cybersecurity curriculum for schools and universities.

Security institutions must modernize and adapt

The Kosovo Police is Kosovo’s main law enforcement body. Its specialized units, like the Counter-Terrorism Directorate and the Cyber ​​Crimes Unit, are tasked with addressing threats like terrorism, cybercrime and other contemporary security challenges. Yet despite the positive steps of creating these specialized units, the police need more resources and technology essential for effectively managing complex and modern challenges like data threats, ransomware and cyberterrorism.

The Kosovo Intelligence Agency (KIA), which was established in 2009, independently gathers and analyzes intelligence about internal and external threats. The KIA shapes Kosovo’s response to modern security challenges like transnational criminal groups, violent extremist groups, cybercrime and more.

Though there is much work to do, these institutions and the state as a whole have made strides toward increasing counter-cyberthreat capacities. For instance, Kosovo’s Agency for Cyber Security was established and the Law on Cyber Security was enacted. The law establishes cybersecurity principles, the institutions that develop, implement and promote cybersecurity policies, cybersecurity authorities’ responsibilities, inter-institutional cooperation and cyberattack prevention in Kosovo. But across the board, further work remains for developing programs that focus on combating cyber threats.

The police Cyber ​​Crimes Unit and Counter-Terrorism Directorate receive essential training and resources from NATO and the EU. Yet with new and more sophisticated threats, these bodies must continue to modernize and adapt. The current training fails to keep the needed pace, limiting Kosovo’s ability to detect, prevent and respond to modern security threats. While basic training programs cover conventional law enforcement and investigative techniques, additional competencies are required for identifying, testing and applying updates to software and systems that would fix security vulnerabilities, bugs and performance issues.

Across state and non-state institutions in Kosovo, there is also a lack of effective, strong authentication methods like just-in-time access, which provides time-limited access to whichever platform the user is logging in to. Passkeys — cryptographic login credentials tied to a specific device, a secure alternative to passwords — are also not as present as they could be. Passkeys are much harder to steal or replicate than regular passwords.

To address these shortcomings, successive governments have engaged in collaborative efforts with international partners like NATO, EULEX and the U.S. to provide training and technical expertise. For example, in September 2024, CRDF Global, a U.S.-based independent nonprofit that aims to promote safety and security through scientific knowledge and awareness, organized, along with the U.S. State Department, a cyber security training and incident response preparedness for public sector employees in Kosovo. These employees came from Computer Security Incident Response Teams (CSIRT) from various government sectors.

Such collaboration — enhancing cross-border judicial cooperation through Eurojust, the European Union Agency for Criminal Justice Cooperation, is another example — has introduced modern training methods, helping Kosovo adopt international best practices. Additional intelligence analysis and operational coordination, supported by the Western Balkans Criminal Justice Project, hosted by Eurojust, contributed to new international practices, investigations and arrests.

An evolving and dangerous field

Bolstering defenses against cybercrime in Kosovo requires a significant increase in cybersecurity infrastructure. One thing that could be focused on more is behavioral analytics, or user entity and behavior analytics (UEBA). Through UEBA, organizations can improve cybersecurity through monitoring and analyzing user activity to identify unusual patterns. 

For a hypothetical example, take e-Kosova, Kosovo’s digital portal for services like paying taxes or applying for permits. If a user usually logs in to the portal in Prishtina, during working hours, and then someone tries to log in from abroad in the middle of night, UEBA will flag this as suspicious. The system could then pop up an alert asking the user to confirm the login or put a temporary hold on the account until the activity can be confirmed. Detecting such anomalies at an early stage helps organizations and companies prevent unauthorized access to sensitive government information and ensure secure citizen services.

Given the connections between cyberspace and the economy, Kosovo’s security institutions should also pursue public-private partnerships. Collaboration with the private sector, particularly in telecommunications and technology, can provide valuable resources, expertise and innovation to strengthen national cybersecurity efforts. 

Estonia is one case Kosovo could use as a blueprint. Estonia’s Cyber Defence Unit, established as part of its National Defence League, brings together private companies, the government, volunteers and technical experts. All have played key roles in making Estonia a cybersecurity pioneer. 

Because of these efforts, Estonia ranks fifth-highest for cybersecurity preparedness on the National CyberSecurity IndexNCSI, an Estonian platform that measures countries’ cybersecurity capacities. The index evaluates indicators such as a country’s capacity to deter cyber threats, respond to cyber incidents and contain mass crises. Kosovo, unfortunately, is not one of the 62 countries the index considers. 

Kosovo’s cybersecurity posture requires more than just legislation. A huge need for investment in cutting-edge technology and more specific and specialized training remains. This would create a base of private sector and government experts who could work together to craft able cyber defenses, as has been the case in Estonia. 

International partnerships must also be prioritized. Preventative measures, a commitment to innovation and technological development that incorporates international expertise are crucial for Kosovo’s security sector, and for building a more secure and prosperous life for Kosovo’s citizens. 

Feature image: K2.0.

Want to support our journalism? Become a member of HIVE or consider making a donation. Learn more here.