Apr 29 2024
The Balkans CyberSecurity Days Conference: Reflections by Phil Sheriff

The second Balkans CyberSecurity Days conference took place between 20–22 March 2024 in the seaside resort of Durres in Albania. Sponsored by FIRST, DCAF, and the UK FCDO, the event featured a joint RHUL/Oxford University paper on the importance of impact evaluation for Cybersecurity Capacity Building (CCB). The event was funded via the FCDO’s programme on ‘Good Governance in Cybersecurity in the Western Balkans’.

The plenary sessions emphasised the need for capacity building and community cohesion due to the scarcity of resources and the collective threats facing all Balkan nations. Some threats were shared, but some were nation-specific, with Albania (an EU candidate country) having been affected by a highly sophisticated, multi-team Iranian attack in 2022. The attack happened in the same month that the ‘Free Iran World Summit’ was being hosted in Durres, and even in February 2024 the country was alleging that Iranian-backed cyber-gangs were still targeting it. That the Balkans Cybersecurity conference was taking place two years later in the same resort is, I would imagine, not a coincidence. As my supervisor Professor Klaus Dodds, a political geographer, is constantly reminding me, conference geographies matter.

A fascinating breakdown of the 2022 attack, explained in detail on the second day of the conference, demonstrated the importance of cyber-defence in depth, and lessons were learned. The Albanian presenters spoke at length about steps taken, with Albania now ahead of more cyber-mature nations with regard to zero-trust architecture for government networks. In a similar way to the security investments that resulted from the attempted Bangladeshi Development bank cyber-heist in 2016, sometimes it takes close calls to focus policy development and the galvanization of resources.

The presentations followed the theme of the opening address, with the keynote talk and panel discussion focusing on workforce resourcing constraints and the challenges of attracting and retaining cyber-talent. Plenary sessions were broadly divided into technical and strategy, with the Oxford–RHUL presentation being bracketed by presentations on the Albanian Critical Information Infrastructure strategy and the challenges faced by Western Balkans countries in National Cybersecurity Strategies. Again, the themes were clear — the joint threats and shared resource constraints required collective responses by the cybersecurity communities of the Western Balkans and beyond. The RHUL part of the presentation, which focused on the better use of resources to achieve collective impacts in capacity building, neatly fitted the session narrative.

The technical sessions on the second day were highly interactive. Presentations on attacks and threats were followed by tabletop exercises (TTXs) on phishing attacks and ransomware. The realism of the fictional scenario was demonstrated when one delegate talked through an attack that happened in an almost verbatim manner to the presented scenario (even to the duration of the HR manager’s time on vacation at the time of the attack, although in reality his name was not ‘Bob’). There was a high degree of shared understanding of threats and likely responses, as well as an impressive collective knowledge across a range of complex technical, social, and geopolitical issues.

On a personal front, I have witnessed first-hand the divisive nationalism that has permeated Balkans societies, and particularly Bosnia Herzegovina, first in the Army in the late 1990s, and again as a diplomat in the late 2000s. It was, in that respect, heartening to return to the Balkans, and sit past midnight in a smokey restaurant with the Kosovan sponsor, Serbian cyber specialist, and Bosniak military officer, drinking Albanian wine, with no hint of a nationalistically infused Balkans history lesson or political finger-wagging that have been the themes of similar encounters in my previous roles. Maybe the very real, external, borderless nature of the threat, the similarly borderless nature of some critical infrastructure that is the target of such threats, and the recognition that nations are not sufficiently resourced to counter it alone, can achieve a unity and community that political leaders in the region have so far failed to achieve.

The importance and depth of broader relationships was clear too. With a nod to the recent Chinese IP theft, one Western Balkans delegate explained, only half jokingly, why, when choosing hardware and software, they always erred on the side of ‘western’ equipment. ‘If our data is going to end up in the hands of any state, it would be better if that state was our friend’. The event brought two powerful forces to the fore: the harsh geopolitical realities of working in a world where Iran, China, and Russia are understood as bad faith actors; and the resourcing context, where Albania and others face difficult conflicting domestic priorities. Albania has been hit by high levels of public debts and faces considerable challenges meeting EU entry requirements.

A lot of resources, time, and money go into organising such conferences, and a theme of my PhD research project is how best to measure the impact of such resource expenditure. Demonstrating the seemingly intangible benefits of sharing cyber-experiences via TTXs and connections made via the conference environment is far from straightforward, but nonetheless important as resource constraints continue to challenge national budgets and competing workforce priorities.