Bosnia and Herzegovina at a Crossroads for Strengthening Cybersecurity | Balkan Diskurs
Maria Thornton
November 23rd, 2023
In today’s interconnected world, cybersecurity and artificial intelligence have become critical concerns. Yet, Bosnia and Herzegovina finds itself inadequately prepared to confront these growing threats.
Darko Brkan, co-author of the policy brief “Cybersecurity in BiH: Progress, Potential, and Unfinished Business,” warns of the pressing cybersecurity challenges facing Bosnia and Herzegovina (BiH) today. The brief highlights shortcomings in legislation, public awareness, and coordination, emphasizing the need for swift political action in order to protect national security, stability, and peace processes in the country.
Brkan, who identifies several key issues affecting BiH’s cybersecurity readiness, states that one of the most challenging and urgent aspects to consider is disinformation.
One of the critical issues Brkan identified is the absence of adequate legislation and a strategic framework for cybersecurity in BiH. While cybersecurity laws exist at the state and entity levels, they fail to sufficiently address all relevant aspects. Additionally, although BiH has committed to implementing international agreements and conventions, further aligning with European Union (EU) cybersecurity standards is necessary to fortify the country’s cyber defenses.
Brkan acknowledges the recent establishment of a Computer Incident Response Team (CERT) for BiH institutions is a positive step, but he says that’s just one piece of the puzzle.
When asked about the broader solution, Brkan states, “To effectively tackle cyber threats, BiH needs a robust cybersecurity strategy encompassing various areas, including public-private partnerships, regional and international cooperation, and investments in IT infrastructure.”
Cyber threats have transcended borders to become a global issue, and BiH is no exception.
However, the political climate in the country tends to downplay the gravity of cybersecurity. “This lack of political will and interest has hindered the formulation and implementation of effective cybersecurity policies, ultimately failing to keep our citizens safe,” says Brkan.
In a separate report, the Cyber Security Excellence Centre writes, “Bosnia and Herzegovina finds itself in a disadvantaged position, being the last Western Balkans country without a functioning all-encompassing CSIRT [Computer Security Incident Response Team]. This leaves BiH, its government, economy and citizens exposed to cyber harm to such an extent that it may jeopardize the potential benefits of digitalization for the economy and society and make the country more vulnerable to malign external influences in the cyber domain.”
Despite these concerns, BiH has been relatively spared from major cyberattacks compared to other countries such as neighboring Montenegro, which suffered a major cyber-attack in August 2022. Nevertheless, Brkan warns that this should not create a false sense of security.
In an article on the August 2022 incident, AP news stated, “The coordinated attack that started around Aug. 20 crippled online government information platforms and put Montenegro’s essential infrastructure, including banking, water and electricity power systems, at high risk.”
In a world facing a growing number of cyber-attacks which pose serious security concerns for infrastructure and citizens, Brkan says that the attack in Montenegro should serve as a grave warning to BiH policymakers about the dangers of neglecting cybersecurity.

While network security focuses on protecting an organization’s internal networks from unauthorized access and cyber threats, internet security concentrates on safeguarding users and their data online. The broader concept of cybersecurity encompasses both network and internet security while also addressing threats to critical information systems, data, and infrastructures.
In a nation that is still healing from the scars of the 1990’s war and navigating a delicate peace process, Brkan says that cyber threats intersect with ethnic and political divisions.
Recent amendments to legislation in BiH have limited public knowledge about domain ownership which is now posing significant challenges in identifying the perpetrators of cyber-attacks and disinformation campaigns.
According to Brkan, it was once possible to trace the owners of domains, creating greater accountability for individuals and companies spreading disinformation online. However, the recent legislative changes make it difficult to trace the origins of these attacks.
“This lack of transparency complicates issues of liability and accountability, leaving companies and individuals to independently investigate and mitigate cyber incidents,” says Brkan. 
“This creates incentives for individuals to spread disinformation with little risk of any repercussions.”
Furthermore, Brkan underscores the unregulated nature of internet in the country, which makes it more susceptible to disinformation campaigns that undermine the public’s trust in institutions and deepen ethnic divides. Digital disinformation campaigns are being exploited to fuel tensions and destabilize the fragile peace that currently exists in BiH.
“The lack of robust legislation makes digital hate speech a bigger threat, a threat which undermines social cohesion and hinders any serious efforts on national peace processes,” Brkan warns.
Certain sectors in BiH are particularly vulnerable to individual cyber-attacks, with financial scams and identity theft targeting citizens, especially those with limited digital literacy.
“Educational institutions do not prioritize comprehensive cybersecurity awareness programs,” says Brkan. “This leaves young people ill-prepared to navigate the digital landscape safely, leaving them more susceptible to digital disinformation campaigns.”
Unfortunately, the topics of cybersecurity and digital literacy often receive minimal attention in political discussions and formal educational settings. In fact, he says, policymakers in BiH do not prioritize cybersecurity initiatives at all.
The absence of formal education on cyber issues leaves the younger generation unwittingly susceptible to becoming purveyors of disinformation. To combat this, institutional changes must be pursued through responsible policymaking, and digital literacy in formal education settings should become a key focus for lawmakers.
Additionally, Brkan highlights a deficiency in ICT literacy among the population, both elderly and young, which renders them more susceptible to falling victim to cyberattacks and disinformation campaigns.
One promising initiative in this regard is the forthcoming digital media literacy app being developed by Zasto Ne, an organization co-founded by Brkan that focuses on political accountability mechanisms. The app, scheduled for launch in September, is designed for the youth of BiH, aiming to equip the younger generation with the necessary tools to critically evaluate online information, recognize disinformation, and navigate the digital landscape safely.
“By empowering its youth with these skills, BiH can fortify its cybersecurity resilience and protect the ongoing peace processes,” says Brkan.
Brkan emphasizes that strengthening cybersecurity measures, enhancing legislation, and fostering effective coordination are crucial steps in ensuring the safety of the people of Bosnia and Herzegovina. Additionally, raising awareness about the importance of cybersecurity must be made a top priority. Institutional changes are also necessary to ensure that digital literacy becomes an integral part of formal educational settings, empowering the younger generation to navigate the digital realm safely.
BiH finds itself at a critical turning point that demands decisive action to bolster its cybersecurity resilience, protect the national peace process, and safeguard its citizens. By combining political will, legislative improvements, and strategic investments in education and technology, Brkan believes the country can emerge as a more cyber-secure nation according.
Through collective efforts, both domestically and internationally, BiH can secure its digital assets, protect its citizens from cyber threats, strengthen national security and peace processes, and ensure its safety in an increasingly digitized world.