Skip to main content

Case study: Building cyber resilience in Albania, Montenegro and North Macedonia

  • Good practice

In September 2025, the e-Governance Academy concluded the Western Balkan Cybersecurity Rapid Response 2.0 project, designed to strengthen the cyber resilience of Albania, Montenegro and North Macedonia in line with EU legal frameworks and best practices. 

The project aimed to enhance the region’s preparedness for large-scale cyber incidents by strengthening technical and operational capacities, fostering inter-institutional coordination and safeguarding democratic processes.

Background 

Russia’s war of aggression against Ukraine threatens not only Ukraine’s sovereignty and territorial integrity, but also regional stability and security both within the European Union and in its neighbourhood. It has heightened cybersecurity concerns and underscored the need for stronger resilience across Europe and its partners.

In response, the EU has stepped up its engagement with the Western Balkans. Such efforts have been crucial for countries exposed to greater risks because of their alignment with EU sanctions on Russia.

Across the region, cyberattacks have grown more frequent and sophisticated, particularly since Russia’s invasion of Ukraine, with hacker groups using the Balkans as a testing ground for hybrid warfare tactics. These incidents highlight broader strategic risks for Europe.

Cybersecurity is also about safeguarding democracy. Over the past decade, elections worldwide have become frequent targets of cyberattacks, often combined with disinformation campaigns and hybrid tactics. Electoral processes depend heavily on digital infrastructure, making it essential to secure the systems that uphold the integrity of democratic institutions.

Additionally, this Project has been part of the European Union’s broader goal to prepare the Western Balkans for future EU membership, as robust cybersecurity is a fundamental prerequisite for accession.

Cybersecurity capacities in the Western Balkans have historically been fragmented, with resources unevenly distributed. At the beginning of the Project, the international audience witnessed a rise in the frequency and sophistication of cyber incidents in Albania, Montenegro, and North Macedonia, while the capacity to detect, analyse, and coordinate responses remained limited. In some countries, practical readiness is still developing, and cross-border cooperation is only starting to take shape.

Alex Ashby, Project Expert at eGA, recalls the starting point: “We were looking at a region with significant motivation, but with big gaps in both hardware and human resources. There was no lack of will – the challenge was to translate that motivation into structures, skills, and operational capability. Enthusiasm and ambition were not in short supply, but you cannot build resilience on motivation alone. You need the architecture and the practice to make it real.” 

 

Key highlights 

For a year and a half, the three countries benefited from essential support and resources to boost their cyber capacity.

Montenegro’s experience showed how strengthening cybersecurity requires progress on multiple fronts. The most visible step was the establishment of the Government Cybersecurity Operations Centre (GSOC), a central point to monitor, prevent, detect, investigate, and respond to cyber threats across government systems.

By creating a dedicated hub, Montenegro gained the ability to detect attacks in real time, coordinate responses across ministries, and ensure that incidents no longer remain isolated within individual agencies.

 

High-level Opening of Montenegro’s Government Cybersecurity Operations Centre (GSOC) in October 2024.
High-level Opening of Montenegro’s Government Cybersecurity Operations Centre (GSOC) in October 2024.

 

In Albania, the Project worked closely with the National Agency for Information Society (AKSHI) and the National Cyber ​​Security Authority of Albania (AKSK) to build and expand their operational cybersecurity capabilities. Together, these institutions received 155,500 euros worth of advanced cybersecurity software packages, such as Greynoise, Acunetix, and Cognyte Luminar.

“With the integration of these tools, our teams can now monitor, scan, and analyse threats much more effectively. Beyond just acquiring software, we wanted to be able to act quickly and confidently,” commented Igli Tafa, Director General of AKSK.

Alex Ashby added that these tools have been transformative in detecting and addressing web application vulnerabilities across government and critical sectors.

“The agencies have used the EU funds to address a wide range of cybersecurity issues nationwide. This has led to measurable and rapid improvement in cybersecurity, a fitting response to the attacks of 2022 and testament to the dedicated work of the staff in Tirana and Brussels,” he added.

In North Macedonia, the cooperation was underscored by important political developments. During the project timeline, regular parliamentary elections (alongside presidential elections)  took place in North Macedonia in April 2024, and local elections are scheduled for October 2025. Cyberattacks during the recent election period highlighted the need to strengthen preparedness, as weak institutions and limited coordination could threaten citizens’ trust in democracy.

Through the project, North Macedonia received the necessary tools and licences for election cybersecurity, together with assistance for configuration and operator training. Additionally, the State Election Committee of North Macedonia was reinforced with local junior cybersecurity experts.

eGA also drafted the comprehensive cybersecurity assessment of election management systems in North Macedonia to support institutions and reinforce election cybersecurity. The assessment offers an overview of election and election-related ICT management and infrastructure in North Macedonia, along with recommendations for risk mitigation.

On 9 April 2025, eGA organised Elections Cybersecurity Workshop examining the potential risks posed by cyber and cyber-enabled threats to the electoral process. ​

The Minister of Digital Transformation of North Macedonia and the Ambassador of the EU Delegation to Skopje welcomed the initiative and the guidance given for improving the electoral ecosystem. ​

During the workshop, international experts from Estonia presented the key findings of the comprehensive cybersecurity assessment of election management systems, including identified risks, vulnerabilities and best practice recommendations. All participants accepted that the threats and risks presented in the report were valid and important.

 

Trainings and workshops 

The new capacities were complemented by trainings and simulations designed to test operational readiness in practice. Throughout the project, fourteen cybersecurity trainings and workshops were held for cybersecurity experts from Albania, Montenegro, and North Macedonia to improve their incident detection, investigation, and mitigation skills.

For Albanian experts, the trainings showed the importance of pairing technology with clear procedures and ongoing cooperation. Simulations often revealed vulnerabilities in systems and communication gaps between institutions.

“Coordination failures can be as dangerous as technical weaknesses, because attackers exploit confusion as much as they exploit software flaws,” stressed Ashby. This insight guided efforts to standardise reporting channels and strengthen crisis communication.

Another benefit was linking national experts with peers from other countries. Participants highlighted that benchmarking their practices against EU partners helped them refine approaches and adopt new methods more quickly. Joint discussions encouraged technical upgrades and a shared sense of responsibility across agencies.

Alex Ashby, who has been collaborating with governments in the Western Balkans for a number of years, also pointed to the value of external benchmarking and peer learning.

“By connecting local professionals with Estonian and EU experts, countries in the Western Balkans could measure their progress and adapt international practices to their own context. This way, you can build resilience through three intertwined strands: skills, systems, and sustained cooperation,” he added.

Workshops also emphasised ethics and accountability. Albanian officials reflected that training sessions encouraged them to see cybersecurity as a responsibility toward citizens whose data and trust are at stake.

For Montenegro, the trainings were especially useful for less experienced specialists who benefited from direct contact with experts from Estonia and elsewhere in Europe.

“It created real opportunities for our younger colleagues. They gained practical skills and confidence to contribute to our national cybersecurity efforts,” commented Dušan Polović, Director General for Infrastructure, Information Security, Digitalisation and e-Services at Montenegro’s Ministry of Public Administration.

The personal impact was clear: young participants who had never before engaged in live-response simulations took part in exercises that mimicked real cyberattacks. These opportunities, Polović explained, made them feel trusted.

“When younger colleagues see their skills recognised, it gives them the confidence to keep building a career in cybersecurity at home, not abroad,” he added.

 

Experts at the Regional Cybersecurity Live-Fire Exercise.
Experts at the Regional Cybersecurity Live-Fire Exercise.

 

Ashby reinforced this lesson: “Hardware without skilled people is not enough, and skills without organisational support cannot scale. What mattered most was bringing together the technical and the motivational.” 

He frequently emphasised that effective training requires a balance between top-down leadership and bottom-up expertise: “You can draft a strategy in a ministry, but if people on the ground don’t know how to act, it won’t matter. Equally, talent on the ground needs structures above them that support and empower their work.”

Montenegro also worked on improving institutional readiness and the reliability of its cyber infrastructure. National authorities engaged in joint exercises that tested staff skills and the resilience of technical systems and procedures.

We realised our networks were not always giving us the information we needed in real time. The project helped us define what needed to change and gave us the confidence to start fixing it,” explained Ashby.

The final step was to embed these capacities into national planning and governance. Montenegro began to integrate the lessons learned into broader security and development strategies, ensuring that cyber resilience would not remain confined to technical teams.

This included collaboration with the private sector – from internet service providers to critical infrastructure operators – to reflect the fact that cyber threats cross public-private boundaries.

As Polović summarised, The project showed us that cybersecurity has to be part of how we think about national progress. It is not separate from growth, but one of the conditions for it.”

Impact 

Ashby described impact not in terms of single activities but in terms of habits and networks. He underlined that the Project created routines of preparedness that institutions now carry forward.

Trainings and cross‑border simulations proved especially important, giving ministries and CSIRTs the chance to practise together, reflect on their performance, and adjust procedures in real time. These rehearsals, he explained, built trust and confidence as much as technical skill.

For beneficiaries, the real legacy lies in a shift in mindset. As Igli Tafa, Director General of AKSK of Albania, remarked, “Cybersecurity has moved from theory to practice. Our institutions are no longer reactive only – they can anticipate, share, and support each other.” 

The combination of new software, clear procedures, and cultural change has already shifted institutional mindsets. As one participant observed during the project meetings, “We are no longer thinking only of reacting to incidents. We are learning to anticipate them and to work with others to prevent damage before it happens.”

Across the region, cooperation structures have begun to replace fragmentation with collaboration. As Dušan Polović stated, “The most important outcome is that we no longer feel isolated. There is a community now, and Montenegro is part of it.”

Igli Tafa also noted how the support has changed the culture of collaboration: “This project helped AKSK work more closely with other actors. That coordination is vital, because cybersecurity does not stop at institutional borders.”

The results highlight a key lesson: cybersecurity is not merely a matter of buying software or drafting laws. It is the convergence of people, institutions, and technology, brought together under a shared commitment to security.

Ashby clearly stated, “You cannot treat cybersecurity as a national competition. The strength of one country depends on the strength of its neighbours.”

National authorities must keep investing in their people, updating their tools, and deepening regional cooperation. Alex Ashby, Project Expert at eGA, reflected on the next steps: “We should not underestimate the enthusiasm we saw from institutions and individuals. That energy is the best guarantee for the future.” 

The Western Balkans may still face evolving cyber threats, but with sharper tools, stronger institutions and a generation of professionals determined to protect their countries in the digital age.

 

Key outcomes

  • Fourteen regional trainings, workshops and exercises improved practical cyber incident management skills based on real-world cyber threat scenarios.
  • Albania gained new cybersecurity software packages, such as Greynoise, Acunetix and Cognyte Luminar.
  • Montenegro opened the Government Cybersecurity Operations Centre (GSOC) to monitor, prevent, detect, investigate, and respond to cyber threats. The Centre also received operational and infrastructure support.
  • International mentors advised Albania and Montenegro on mandatory cybersecurity information-sharing principles and protocols, as well as establishing full-scope cybersecurity capacity.
  • Supported local SOC/CSIRT teams operational capacities with additional staff in Montenegro and North Macedonia.
  • Montenegro and North Macedonia received Cyber Threat Intelligence Platform subscription licenses.
  • North Macedonia received the necessary tools and licences for election cybersecurity, together with relevant assistance for configuration and operator training.
  • The State Election Committee of North Macedonia was supported with local junior cybersecurity experts.
  • Provided advice and a comprehensive cybersecurity assessment of election management systems in North Macedonia.

Interested in more? 

This article was created by Kristiin Jets, e-Governance Academy

Related stories

See all stories
See all stories

 

 

 

 

‘2025 © All rights reserved.