The intelligence agencies and their activities play a crucial role in maintaining national security and foreseeing potential dangers and threats. Intelligence, in its most basic definition, is the gathering of information, news, and data, as well as their classification, processing, and output generation. In this sense, intelligence is characterized as the presentation of the obtained outputs to decision-makers. Therefore, intelligence plays a role in policy making. Many sources are used when performing intelligence operations. There are various classifications available, such as intelligence obtained from human-based sources, intelligence based on geographical data, and intelligence obtained from open sources. In this context, intelligence activities carried out through cyberspace are also referred to as “cyber intelligence.”
Cyberspace, or the “cyber realm,” is now a part of modern society, government, and state affairs. Most institutions’ infrastructure now functions by being connected to the world wide web. Many operations at the state level are carried out in the virtual world, and therefore a large amount of data is located in the virtual world. This brings with it a number of risks and threats.
In this context, many situations, ranging from data theft to destruction and damage to systems by unauthorized access to these infrastructures to harm states and their institutions, are characterized as cyber threats or “attacks.” While the sources of cyber-attacks are sometimes various groups and organizations, states often carry out cyber-attacks against other states. As a matter of fact, the number and extent of cyber-attacks against Western Balkan countries such as Bosnia and Herzegovina, North Macedonia, Montenegro, Albania, Kosovo and Serbia have recently increased.
In addition to threaten national security, cyber-attacks also expose intelligence vulnerabilities in the relevant countries. The area has become a test site for cyberattacks due to its inability to detect attacks, respond in a timely fashion, and take the appropriate precautions.
When cyber-attacks against the countries of the region are examined, it is understood that attacks are carried out through ransomware. A cyber group targeted the Serbian city of Novi Sad in 2020 and used ransomware to encrypt its administration systems. It demanded payment to end the attack. Later, with the intervention of a company based in Serbia, the attack was brought under control.
Another example of an attack was seen in North Macedonia in July 2020. Attacks were made on election commissions’ websites on election day, which sparked a lot of speculations. Even though the election was held in a democratic context, the fact that the cyberattack happened right after the polls were closed, has cast a shadow over the trust in the results. Moreover, the fact that this attack could not be detected in advance has revealed North Macedonia’s lack of cybersecurity.
The fact that this incident occurred just a few months after Macedonia joined the North Atlantic Treaty Organization (NATO) in March 2020 is also significant. However, other NATO allies in the region are also the target of cyberattacks. For example, Montenegro, which has been a NATO member since 2017, was subjected to an intensive cyber-attack in August 2022. As a result of attacks on the servers of state-owned sites, the internet pages of many public institutions crashed and the infrastructures of these sites were damaged. In the first statements made after the incident, authorities of Montenegro suggested that a Russia-based group may be behind the attacks.
It should be mentioned that, despite the fact that the Russian-Ukrainian War is still ongoing, it is still possible that Moscow was taken up such an attack. It might be said that the Kremlin views Montenegro, which has been unfriendly towards Russia since 2017, as an adversary or a threat. However, as a result of the investigations carried out, it was revealed that a criminal organization called “Cuba Ransomware” was taken up the attacks.
On the other hand, according to the statement of the Government of Kosovo on February 26, 2022, the nation had been the target of “phishing”, meaning that it was an e-fraud attempt. Furthermore, during the attack that occurred in September 2022, access to the internet for Kosovo’s official institutions was blocked, and the situation was brought under control thanks to the authorities’ intervention.
Bosnia and Herzegovina, which is contending with rising nationalist and separatist rhetoric, is one of the nations that claimed to be a target of cyberattacks. In a statement made by the Intelligence-Security Organization of Bosnia and Herzegovina (OSA BiH), it was stated that a “hybrid war” was being waged against public institutions and that attacks on OSA BiH had increased recently. It has been emphasized that the goal of these attacks is to destabilize the nation.
Albania, on the other hand, has faced various cyber-attacks since July 2022. While these cyberattacks have prevented access to the official internet pages of public institutions, there have also been issues with the customs control system. The analyses revealed that these attacks were highly organized and sophisticated. The justification for these attacks was Albania’s status as a NATO ally and its ongoing European integration process. The attacks were carried out by Iran, according to Microsoft, which worked with the Albanian government on the matter. As a result, Tirana has severed diplomatic ties with Tehran and labeled Iranian diplomats stationed there as “persona non grata.”
When these developments are taken into consideration, it can be argued that the majority of the Western Balkan countries anticipated cyberattacks but lacked the resources to defend against them. The intelligence services’ limited capabilities in the relevant nations are arguably the main cause of this. Because these governments, which entered a period of transition when Yugoslavia collapsed, have yet to be able to establish some of its institutions on a firm foundation. Institutions like these include intelligence agencies.
The region has not yet achieved sustainable stability and has not advanced economically enough, which is the fundamental cause of the condition. For example, OSA BiH, one of the intelligence agencies of Bosnia and Herzegovina, is still making headlines with alleged corruption. Additionally, this undermines public confidence in the organization. Furthermore, one of the things that undermines trust is the detention of OSA BiH Director Osman Mehmedagic for prior abuse of his office. Additionally, Bosnia and Herzegovina’s political system’s complicated decision-making processes and its cumbersome bureaucracy hinder institutional performance.
In addition to all of these issues, intelligence agencies’ active activity is hampered by the lack of communication among institutions in the region’s nations. This prevents these institutions from fulfilling their duties in situations that require rapid response, such as cyber-attacks. In short, cyber-attacks pose a serious threat to the security of the region and the sustainability of stability. In fact, these assaults on governmental institutions have the potential to revive long-standing issues in the area.
The region has recently seen an increase in cyberattacks, which has prompted the countries to seek international collaboration because the lack of capacity in the region made it necessary. In this context, the Western Balkan Digital Security Forum, which was held in Estonia in June 2022, is very important in terms of seeking cooperation. While placing a strong emphasis on collaboration, it was also stressed that money spent on cyber security should be viewed as an investment.
In addition, it was stated that the relevant legislation should be reformed in the Western Balkan countries in terms of building capacity for cybersecurity and intelligence. The Western Balkan nations, on the other hand, have started to work on building “resilience” against cyberattacks in the region, according to a statement from the European Union (EU) Cybernet. In this perspective, strengthening the cyber security competence and resilience of the Union is intimately tied to the significance the EU accords to cyber security. It is also noteworthy that the United States Cyber Command (USCYBERCOM) and Montenegro are carrying out a joint work in the field of cyber security towards the end of 2019. This shows the importance that the US attaches to cyber security in the region.
As a result, while the reflections of the Russia-Ukraine War, which continues with increasing violence, are observed in various dimensions in the Western Balkans. By utilizing the weaknesses of the states as an advantage, actors with interests in the region, like Russia, take action to exacerbate instability. As it was already mentioned, although recent efforts have been made to improve capacity in the field of cyber security, the region still needs time to develop its intelligence agencies and protection against cyberattacks.
 Milica Stojanovic et al., “Cyber-Attacks a Growing Threat to Unprepared Balkan States”, Balkan Insight, https://balkaninsight.com/2021/03/10/cyber-attacks-a-growing-threat-to-unprepared-balkan-states/, (Date of Accession: 01.10.2022).
 “Vučević: Novi Sad pod nekim vidom terorističkog napada, nije bomba, Bogu hvala”, N1 Info, https://rs.n1info.com/vesti/a574932-sajber-napad-na-novi-sad /, (Date of Accession: 01.10.2022).
 “Flawed Cybersecurity Is a Ticking Time Bomb for the Balkans”, Foreign Policy, https://foreignpolicy.com/2021/01/04/flawed-cybersecurity-is-a-ticking-time-bomb-for-the-balkans/, (Date of Accession: 01.10.2022).
 “Montenegro Wrestling with Massive Cyberattack; Russia Blamed”, NBC News, https://www.nbcnews.com/tech/security/montenegro-wrestles-massive-cyberattack-russia-blamed-rcna47277, (Date of Accession: 01.10.2022).
 “Iz Vlade tvrde da iza sajber napada na crnogorske institucije stoji ‘Kuba rensomver’”, Radio Slobonda Evropa, https://www.slobodnaevropa.org/a/crna-gora-sajber-napad-kuba-rensomver/32012953.html, (Date of Accession: 01.10.2022).
 “Institucionet e Kosovës shënjestër e një sulmi kibernetik, por pa don’t say”, Klan Kosovo Tv, https://klankosova.tv/institucionet-e-kosoves-shenjester-e-nje-sulmi-kibernetik-por-pa-deme/, (Date of Accession: 01.10.2022).
 “OSA BiH: Hybridni rat protiv institucija BiH, svešći napadi na našu Agenciju”, N1 Info, https://ba.n1info.com/vijesti/osa-bih-hibridni-rat-protiv-institucija-bih-sve-cesci-napadi-na-nasu-agenciju/, (Date of Accession: 01.10.2022).
 “Neprestani sajber napadi širom Zapadnog Balkana ističu potrebu za organizovanim pristupom bezbednosti”, Global Voices, https://sr.globalvoices.org/2022/09/neprestani-sajber-napadi-sirom-zapadnog-balkana-isticu-potrebu-za-organizovanim-pristupom-bezbednosti/, (Date of Accession: 01.10.2022).
 “Tužilaštvo BiH traži pritvor za Osmana Mehmedagića”, Al Jazeera Balkans, https://balkans.aljazeera.net/videos/2021/9/8/tuzilastvo-bih-trazi-pritvor-za-osmana-mehmedagica, (Date of Accession: 01.10.2022).
 “Main Takeaways from the Western Balkan Digital Security Forum”, e-Governance Academy, https://ega.ee/blog_post/main-takeaways-digital-security-forum /, (Date of Accession: 01.10.2022).
 “Western Balkans Cyber Capacity Building Coordination Meeting”, EU CyberNet, https://www.eucybernet.eu/event/western-balkans-cyber-capacity-building-coordination-meeting, (Date of Accession: 01.10.2022).