Bosnia and Herzegovina at a Crossroads for Strengthening Cybersecurity


In today’s interconnected world, cybersecurity and artificial intelligence have become critical concerns. Yet, Bosnia and Herzegovina finds itself inadequately prepared to confront these growing threats.

Darko Brkan, co-author of the policy brief “Cybersecurity in BiH: Progress, Potential, and Unfinished Business,” warns of the pressing cybersecurity challenges facing Bosnia and Herzegovina (BiH) today. The brief highlights shortcomings in legislation, public awareness, and coordination, emphasizing the need for swift political action in order to protect national security, stability, and peace processes in the country. 

Brkan, who identifies several key issues affecting BiH’s cybersecurity readiness, states that one of the most challenging and urgent aspects to consider is disinformation. 

One of the critical issues Brkan identified is the absence of adequate legislation and a strategic framework for cybersecurity in BiH. While cybersecurity laws exist at the state and entity levels, they fail to sufficiently address all relevant aspects. Additionally, although BiH has committed to implementing international agreements and conventions, further aligning with European Union (EU) cybersecurity standards is necessary to fortify the country’s cyber defenses.

Brkan acknowledges the recent establishment of a Computer Incident Response Team (CERT) for BiH institutions is a positive step, but he says that’s just one piece of the puzzle. 

Policy brief Cyber ​​security in Bosnia and Herzegovina – progress, potential and unfinished business highlights the lack of legislation, public awareness and coordination (Source:

When asked about the broader solution, Brkan states, “To effectively tackle cyber threats, BiH needs a robust cybersecurity strategy encompassing various areas, including public-private partnerships, regional and international cooperation, and investments in IT infrastructure.”

Cyber, Internet, and Network Security 

Cyber threats have transcended borders to become a global issue, and BiH is no exception. 

However, the political climate in the country tends to downplay the gravity of cybersecurity. “This lack of political will and interest has hindered the formulation and implementation of effective cybersecurity policies, ultimately failing to keep our citizens safe,” says Brkan. 

In a separate report, the Cyber Security Excellence Centre writes, “Bosnia and Herzegovina finds itself in a disadvantaged position, being the last Western Balkans country without a functioning all-encompassing CSIRT [Computer Security Incident Response Team]. This leaves BiH, its government, economy and citizens exposed to cyber harm to such an extent that it may jeopardize the potential benefits of digitalization for the economy and society and make the country more vulnerable to malign external influences in the cyber domain.” 

Despite these concerns, BiH has been relatively spared from major cyberattacks compared to other countries such as neighboring Montenegro, which suffered a major cyber-attack in August 2022. Nevertheless, Brkan warns that this should not create a false sense of security. 

In an article on the August 2022 incident, AP news stated, “The coordinated attack that started around Aug. 20 crippled online government information platforms and put Montenegro’s essential infrastructure, including banking, water and electricity power systems, at high risk.” 

In a world facing a growing number of cyber-attacks which pose serious security concerns for infrastructure and citizens, Brkan says that the attack in Montenegro should serve as a grave warning to BiH policymakers about the dangers of neglecting cybersecurity.

While network security focuses on protecting an organization’s internal networks from unauthorized access and cyber threats, internet security concentrates on safeguarding users and their data online. The broader concept of cybersecurity encompasses both network and internet security while also addressing threats to critical information systems, data, and infrastructures.

Impact on Peace Process and National Security

In a nation that is still healing from the scars of the 1990’s war and navigating a delicate peace process, Brkan says that cyber threats intersect with ethnic and political divisions. 

Recent amendments to legislation in BiH have limited public knowledge about domain ownership which is now posing significant challenges in identifying the perpetrators of cyber-attacks and disinformation campaigns. 

According to Brkan, it was once possible to trace the owners of domains, creating greater accountability for individuals and companies spreading disinformation online. However, the recent legislative changes make it difficult to trace the origins of these attacks. 

“This lack of transparency complicates issues of liability and accountability, leaving companies and individuals to independently investigate and mitigate cyber incidents,” says Brkan.
“This creates incentives for individuals to spread disinformation with little risk of any repercussions.”

Furthermore, Brkan underscores the unregulated nature of internet in the country, which makes it more susceptible to disinformation campaigns that undermine the public’s trust in institutions and deepen ethnic divides. Digital disinformation campaigns are being exploited to fuel tensions and destabilize the fragile peace that currently exists in BiH.

Cyber ​​threats in BiH are intertwined with ethnic and political divisions (Source:

“The lack of robust legislation makes digital hate speech a bigger threat, a threat which undermines social cohesion and hinders any serious efforts on national peace processes,” Brkan warns.

Vulnerable Sectors and Educational Challenges

Certain sectors in BiH are particularly vulnerable to individual cyber-attacks, with financial scams and identity theft targeting citizens, especially those with limited digital literacy.

“Educational institutions do not prioritize comprehensive cybersecurity awareness programs,” says Brkan. “This leaves young people ill-prepared to navigate the digital landscape safely, leaving them more susceptible to digital disinformation campaigns.”

Unfortunately, the topics of cybersecurity and digital literacy often receive minimal attention in political discussions and formal educational settings. In fact, he says, policymakers in BiH do not prioritize cybersecurity initiatives at all. 

The absence of formal education on cyber issues leaves the younger generation unwittingly susceptible to becoming purveyors of disinformation. To combat this, institutional changes must be pursued through responsible policymaking, and digital literacy in formal education settings should become a key focus for lawmakers.

Additionally, Brkan highlights a deficiency in ICT literacy among the population, both elderly and young, which renders them more susceptible to falling victim to cyberattacks and disinformation campaigns.

Raising Awareness and Promoting Cybersecurity Education

One promising initiative in this regard is the forthcoming digital media literacy app being developed by Zasto Ne, an organization co-founded by Brkan that focuses on political accountability mechanisms. The app, scheduled for launch in September, is designed for the youth of BiH, aiming to equip the younger generation with the necessary tools to critically evaluate online information, recognize disinformation, and navigate the digital landscape safely. 

“By empowering its youth with these skills, BiH can fortify its cybersecurity resilience and protect the ongoing peace processes,” says Brkan. 

Brkan emphasizes that strengthening cybersecurity measures, enhancing legislation, and fostering effective coordination are crucial steps in ensuring the safety of the people of Bosnia and Herzegovina. Additionally, raising awareness about the importance of cybersecurity must be made a top priority. Institutional changes are also necessary to ensure that digital literacy becomes an integral part of formal educational settings, empowering the younger generation to navigate the digital realm safely.

BiH finds itself at a critical turning point that demands decisive action to bolster its cybersecurity resilience, protect the national peace process, and safeguard its citizens. By combining political will, legislative improvements, and strategic investments in education and technology, Brkan believes the country can emerge as a more cyber-secure nation according. 

Through collective efforts, both domestically and internationally, BiH can secure its digital assets, protect its citizens from cyber threats, strengthen national security and peace processes, and ensure its safety in an increasingly digitized world.

Maria Thornton is currently a graduate student at Columbia University’s School of International and Public Affairs in New York City. At SIPA, she is studying International Security Policy with a specific focus on cybersecurity policy. Maria is specifically interested in the intersection of violent extremism, radicalization and cybersecurity/responsible tech policy. Maria became very interested in security policy after spending two years working hands-on with the refugee crisis as an asylum officer focused on Afghanistan, Syria, Yemen and Eritrea.

Related posts

Memento: Srebrenica-Potočari’s new oral history exhibition
I had heard his story before. In fact, I had read and re-read it dozens of times already. But, as I listened to Ahmed Ustić’s Death March story, there was no way of quelling the strange paralysis that I had felt when I first read the account of this young man’s horrifying six-day journey for survival. 
Punishing Denial: Thoughts on the Amendment to the Bosnian Criminal Code
On July 23rd, 2021, Valentin Inzko, the High Representative for Bosnia and Herzegovina (BiH), introduced a Law on the Amendment to the Criminal Code of Bosnia and Herzegovina punishing the denial of international crimes and glorification of war criminals. Coming shortly before the end of his mandate, this decision, in Inzko’s words, was taken after “all chances offered to the domestic authorities to distance themselves from war criminals were ultimately rejected.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Winner of the Intercultural Achievement Recognition Award by the Austrian Federal Ministry for Europe, Integration and Foreign Affairs

Post-Conflict Research Center
Join our mailing list