A recent cross-functional cyberattack simulation in the Western Balkans has revealed just how quickly a digital breach can escalate into a full-blown crisis, threatening not only data but also critical infrastructure.
Tirana hosts crucial cybersecurity simulation for the Western Balkans.
Held on 11–12 June 2025 in Tirana, at the Cybersecurity Lab of the Albanian National Cyber Security Authority (AKSK), the exercise—organised in collaboration with eGA—brought together cybersecurity specialists, legal advisors, and crisis managers to respond to a simulated cyber incident that escalated from a basic phishing email to a threat targeting industrial systems.
Participants had little idea what was coming. The drill, designed to mimic the chaos and unpredictability of a real-world cyberattack, challenged teams to act quickly and work together. What began as a seemingly isolated email compromise promptly unfolded into a coordinated malware attack, a data leak, and finally an escalation into systems that control vital operational infrastructure.
Beyond IT: Cyber drill integrates legal and management teams in crisis response.
It was not just a technical exercise. The simulation also required the engagement of legal and management teams. While IT experts raced to contain the damage, leadership had to consider business continuity, media strategy, and regulatory disclosure obligations under frameworks such as the GDPR. Legal teams were tasked with advising on when and how to notify authorities, while ensuring that the response remained compliant with international standards.
Industrial Systems Under Threat: OT/ICS was a key focus of the cyber exercise.
Crucially, the exercise did not spare industrial systems. When the simulated attack spread to OT/ICS (Operational Technology / Industrial Control Systems), the urgency shifted. These are not just servers and spreadsheets; they are the digital nervous systems that keep factories, transport, energy, and water systems running. Their compromise, even in a simulation, prompted intense conversations about physical safety, supply chain disruption, and the real-world implications of cyber negligence.
Bridging the gap: The importance of cross-departmental communication in cyber defence.
One of the most revealing aspects of the drill was the interaction between departments that rarely work side by side. Communication gaps became obvious. Some teams moved quickly, others waited for approval. At times, confusion edged in not because of incompetence, but because organisations are often fragmented, and cyber threats do not respect such divisions.
Key takeaways: lessons learned from the Western Balkans Cyber Drill.
Yet the value of the exercise lay in these moments of friction. By surfacing weaknesses in a controlled environment, participants were able to propose tangible improvements. There was no finger-pointing, but rather a shared recognition that defending against modern cyber threats requires more than just good software. It demands trust, coordination, and a clear understanding of roles under pressure. For a region still developing its cybersecurity capacity, the lesson was clear: it is not enough to invest in tools. The people behind them must be trained to respond in real time, across disciplines, and with a shared purpose. The inclusion of OT/ICS systems in the exercise was a deliberate choice, and one that many participants said changed their view of cybersecurity entirely. Protecting data is important, but so is maintaining essential services, such as keeping the lights on, the water running, and the trains moving.
Future forward: enhancing cyber preparedness in a digital world.
More such simulations are planned, with broader participation and more complex scenarios. The goal is not perfection; it is preparedness. As digital systems increasingly underpin everything from banking to border control, preparedness is fast becoming the foundation of national and international security.