Kosovo – What Followed the CMM Review?

The Capacity Centre continues to apply the Cybersecurity Capacity Maturity Model for Nations (CMM) around the globe: until now more than 14 countries were reviewed together with our strategic partners (inclunding the World Bank, the Commonwealth Telecommunications Organisation and the International Telecommunication Union), and underpinned a regional study in Latin America and the Caribbean through a collaboration with the Organization of American States.

In the following blog post we take a snap-shot of the developments in the Republic of Kosovo (Kosovo) since the CMM review in February 2015, based on the findings and recommendations in the report which was submitted to the government.

The Capacity Centre deployed its newly developed CMM in the Republic of Kosovo (Kosovo) through a collaboration agreement with the World Bank. The review, which was hosted by the Ministry for Economic Development of Kosovo, aimed at enabling the government to determine the areas of capacity the country might strategically invest in to enhance its cybersecurity. During a three-day consultation, researchers from the GCSCC interviewed representatives from various stakeholder groups, including ministries, academia, criminal justice system, private sector, and civil society. Following the review, the GCSCC drafted a report with the findings and recommendations for the Government. This report was submitted to the Ministry for Economic Development and published on its official website and on this Portal.

One year later, the government has made several steps to make the country more cyber secure. Many of the developments since then are based on the concrete recommendations provided by the GCSCC which supported the government to define priorities.

Enhanced coordination, improved incident response, and expanded awareness campaigns

The Ministry of Internal Affairs, and the Minister as its head, has now been appointed as the national co-ordinator for Cybersecurity. The Ministry facilitated the process of the development of a National Cybersecurity Strategy and led multi-stakeholder consultations with experts from other ministries and government agencies. In early 2016, the government adopted the National Cyber Security Strategy and Action Plan 2016-2019. For its implementation, a National Cybersecurity Council was established, which includes representatives of different stakeholder groups, including the technical community. The Council meets quarterly to report and discuss the process of the implementation of the National Cyber Security Strategy and decides on the next steps.

To strengthen the formal coordination between critical national infrastructure (CNI) institutions, the Ministry of Internal Affairs also coordinated activities around the development of a concept document for critical information infrastructure. This document has to be approved by the Government of the Republic of Kosovo and will lead to the development of legislation on CNI.

The Regulatory Authority of Electronic and Postal Communications developed a draft regulation for technical and organisational standards for security and integrity of electronic communication networks and services, with the aim of defining the technical standards necessary to take measures to prevent and manage incidents to ensure the security, integrity and operation of networks and / or electronic communications services. The finalisation of this resolution is expected for the end of September 2016.

A National CSIRT KOS-CERT was established and is about to start its operations in the last quarter of 2016.

The Ministry for Education sustained the cybersecurity awareness campaign programme aimed at students and teachers. The Ministry is now developing a new curriculum, which will engrain IT components in all levels of education.

University of Business and Technology (UBT) and the Centre for Cyber Security and Privacy have established the country’s first academic model Computer Emergency Response Team, called UBT-CERT. This division, which consists of a team of cybersecurity experts, aims to offer strategies, policies and technologies for security and privacy, to give recommendations for tackling incidents, and to provide cybersecurity best cases for the private and public academic sector. It also conducts leading education, research and development functions to anticipate and solve the cybersecurity challenges of the country and the region.

The way forward

Kosovo has made progress in enhancing the country’s cybersecurity capacity. With the development of the National Cyber Security Strategy and its implementation in a co-ordinated, multi-stakeholder approach under the lead of the Ministry of Internal Affairs, was an important step towards a more advanced stage of maturity. The development of the national CSIRT, the drafting of new regulation and laws, as well as the implementation of the cybersecurity awareness and education campaigns are important enhancements.

Beyond that, the government is preparing for new developments on the horizon expected to impact the country’s cybersecurity capacity. These include the expansion of the deployment of broadband infrastructure, the European NIS directive and its consequences, as well as e-commerce legislation.


To get more information of the way Kosovo has taken and the next development steps, please contact Agim Kukaj, Head of ICT Department at Ministry for Economic Development, Government of Kosovo

If you would like to know more about the Cybersecurity Capacity Maturity Model (CMM), please contact the Global Cyber Security Capacity Centre at cybercapacity@cs.ox.ac.uk