TIRANA, March 1, 2019 – The National Authority for Electronic Certification and Cyber Security (AKCESK) published a report assessing the state of maturity of Albania’s cybersecurity. The report relies on the Cybersecurity Capacity Maturity Model for Nations (CMM) methodology, developed by the Global Cyber Security Capacity Centre (GCSCC) of the University of Oxford. The CMM methodology was deployed by GCSCC researchers, in partnership with the World Bank and the Global Cybersecurity Center for Development, part of Korea’s Internet & Security Agency (KISA). The Ministry of Energy and Infrastructure facilitated the work of this partnership in Albania.
“We are glad to have accomplished this new milestone. As an exercise, the CMM was useful in many ways: as an analytical activity, knowledge transfer from international experts, and from the standpoint of national coalition building on cybersecurity. We’re motivated to seize on the opportunities identified by the report, as well as tackle the weaknesses in order to achieve greater levels of cyber capacity to better serve our citizens,” said Ms. Vilma Tomco, General Director of the AKCESK.
“We would like to congratulate Albania on joining the ranks of countries that have performed the CMM assessment, which we regard to be of great value not only from the standpoint of generating analytics but also for building nationwide consensus on cybersecurity status quo and actions. It is equally commendable that the country went ahead with publishing of the report summarizing key findings of this exercise, which would be a useful reference for all those interested in learning about the state of cybersecurity in Albania,” said Ms. Maryam Salim, World Bank’s Country Manager for Albania.
As such, the CMM aims to enable governments to benchmark cybersecurity capacity across five dimensions: cybersecurity policy and strategy; cyber culture and society; cybersecurity education, training and skills; legal and regulatory frameworks; and standards, organisations and technologies. The GCSCC and its strategic international partners have deployed the CMM in more than 60 countries around the world since 2015.
“This was the ninth CMM deployment in Europe and fourth in the Western Balkans. The review provided us with very interesting insights into our research on the maturity of cybersecurity capacity across the world. The gaps that we have identified provide evidence for important needs which are not only specific to Albania but which could also be observed in other countries around the globe, but in particular in the region,” said Professor Michael Goldsmith, Co-Director of the GCSCC. "We hope our work will offer a comprehensive and useful understanding of Albania’s capacity and that our recommendations will contribute to the on-going work to enhance cybersecurity capacity across all five dimensions of the CMM.’’
During the CMM deployment in Tirana on September 3-4, 2018, the following stakeholders participated in roundtable consultations: academia, criminal justice, law enforcement, information technology officers and representatives from public sector entities, critical infrastructure owners and important information infrastructure owners, policy makers, information technology officers from the government and the private sector (including financial institutions and telecommunications companies), as well as international partners.
The findings from these consultations are summarized in the CMM report, which also provides actionable recommendations to AKCESK and the Government of Albania on how to strengthen the country’s cybersecurity capacity. Among the next steps through which Albania could achieve greater cybersecurity capacity researchers highlighted the development of a National Cybersecurity Strategy and the allocation of a dedicated budget to ensure the implementation of a national cybersecurity program. Additionally, aligning the legislative framework with provisions of the EU Directive on security of network and information systems (NIS) and the General Data Protection Regulation (GDPR) is seen as a priority to reach higher stages of maturity.
This assessment was conducted under the Global Cyber Security Capacity Program, for which the financing came from Korea’s Ministry of Strategy and Finance (MoSF), through the Korea-World Bank Group Partnership Facility (KWPF), which is administered by the World Bank. As part of this Program, the country also benefited from a capacity-building workshop delivered in April by the Global Cybersecurity Center for Development, part of Korea’s Internet & Security Agency (KISA). The workshop in December 2018 convened a record number of local cybersecurity experts who got exposed to cutting-edge knowledge on cybersecurity from Republic of Korea.
# # #
For more information about the CMM and the review reports please visit the Cybersecurity Capacity Portal, a knowledge resource about cybersecurity capacity-building around the world: https://www.sbs.ox.ac.uk/cybersecurity-capacity
The Global Cyber Security Capacity Centre is a leading international center for research on efficient and effective cybersecurity capacity-building, promoting an increase in the scale, pace, quality and impact of cybersecurity capacity-building initiatives across the world.
The Global Cybersecurity Center for Development, established in 2015, aims to share practical knowledge and support capacity building in the field of cybersecurity.
The World Bank (International Bank for Reconstruction and Development, IBRD), rated Aaa/AAA (Moody’s/S&P), is an international organization created in 1944 and the original member of the World Bank Group. It operates as a global development cooperative owned by 189 nations. The World Bank has two main goals: to end extreme poverty and promote shared prosperity. It provides its members with financing, expertise and coordination services so they can achieve equitable and sustainable economic growth in their national economies and find effective solutions to pressing regional and global economic and environmental problems.