Security cannot be one man. Security cannot be just one institution either. Safety is all of us. When it comes to cyber security, every institution needs to build its defense capabilities. Only the involvement of everyone in the system can really enable a secure, safe, reliable and resilient digital environment, for the benefit of citizens, businesses and public administration. The more we can defend our own institution, the more we will defend the country.
This was announced by the Minister of Internal Affairs, Oliver Spasovski, at today’s eleventh session of the National Convention for the European Union in North Macedonia of Working Group 4 – Justice, Freedom and Security (Chapter 24) on the topic “Increasing resilience of the institutions to address hybrid threats” organized by the European Movement, with the presence of Macedonian and Slovak experts in the field of security and dealing with hybrid threats, university professors, representatives of the civil sector, international organizations, the Ministry of the Interior and members of the European movement.
Minister Spasovski emphasized that from today’s perspective, “the security situation in the country is stable, and the Ministry of the Interior is successfully doing its job of guaranteeing the safety of every citizen in our country. Today, the Republic of North Macedonia is in a position to use the lessons learned, to cooperate, and contribute to all relevant activities of the EU and NATO related to hybrid threats.” He pointed out that at the state level, a National Council for Cyber Security has been established according to the latest NATO standards, with members from several relevant institutions in the Republic of North Macedonia. The National Cyber Security Strategy 2018 – 2022, which was developed in line with the EU Cyber Security Strategy, is also currently being implemented.
Minister Spasovski also referred to the Russian aggression against Ukraine, the consequences in the economic and energy sector, especially in the electricity market, oil derivatives and natural gas, the food market, on hybrid threats, activities and attacks through social networks which spread false information, misinformation and hate speech, false bomb reports as a type of threat that is not only a phenomenon in our country, but also in other countries of the region like Serbia, Croatia, Montenegro, Kosovo, Romania, Bosnia, and other European countries as well, including the United States and Canada.
According to him, in the period from October last year to the beginning of this year, more than 300 false alarms about planted explosives were sent, while from January to March of this year, about 500 false alarms were sent, of which in March there were a total of 120 false e-mails about bombs in just one day, while no new false bomb threats have arrived in the past month. In Macedonia, fake bomb threats were not the only problem. From the end of 2022 onwards, cyber attacks took place on the websites of state institutions such as the Health Insurance Fund, the Government, the Ministries of Agriculture and Education and Science, from where data was stolen, and in some cases the attackers demanded a ransom for them in crypto currencies.
Regarding the hybrid attack on the Health Fund, which had a non-functional system for more than two weeks after the attack, the investigation is extensive and the case is still being worked on.
In that direction, the Deputy Minister of Health, Maja Manoleva, who also gave her opening remarks, emphasized the important aspects of hybrid threats, their impact on electronic health and the health system as a whole.
“In the context of the healthcare system, hybrid attacks represent a current threat that can affect the availability of medical services, the security of medical data, the completeness of information and the privacy of patients. We are witnessing the recent cyber attack on the Health Insurance Fund which caused a partial stoppage in the realization of payments for health services. The importance of electronic health systems raises them to the level of critical information infrastructure, the protection of which needs to be at the highest level, and mechanisms are also needed to deal with the crises that can arise from hybrid attacks,” said Manoleva, adding that in order to fight these threats we must consider key areas such as education and raising awareness among users, technical and preventive measures, and building clear and standardized policies and procedures, along with ethical principles.
The State Secretary at the Ministry of the Interior, Magdalena Nestorovska, emphasized that the purpose of the discussions at such sessions, including this one, is to define the degree of resistance of the institutions to such threats, to raise awareness that it is our duty to anticipate these and other similar risks and to detect the possible gaps in the normative regulation, on a strategic, and on an operational level.
“I expect that this time as well, we have chosen a topic that is of particular interest to the public, not only because of the well-known fact that hybrid threats threaten the national security of the country, but also because of the fact that hybrid attacks have had a destructive effect on the perception of security of thousands of our citizens by endangering the freedom of movement and hindering the normal functioning of numerous institutions and thousands of families in the country. Spreading panic and fear with threats directed at over 700 institutions, reports of bombs in schools and public institutions, regardless of whether they are false reports, have achieved the goal of spreading panic and creating a sense of insecurity among thousands of citizens, and with that, distrust in the institutions”, State Secretary Nestorovska highlighted, adding that a multi-institutional approach is needed in dealing with these and similar security threats.
The head of the Basic Public Prosecutor’s Office – Skopje, Gavril Bubevski, said that the topic of this debate is important and sensitive for the citizens. According to him, the evidence did not indicate that the perpetrators were part of a terrorist group and if evidence is provided and persons who are part of an organized network of action are identified, they will be sanctioned accordingly. Experience so far shows that the first tool of hybrid threats is false information, with the ultimate intention of causing a feeling of destabilization of the state. So we have to get to the source of the threats.
The professor from the Faculty of Security UKLO from Bitola, Trpe Stojanovski, said that the assessment of how state institutions work comes from the citizens and therefore attention should be paid to their opinion. He said that we still have problems with the definitions of what cybercrime and hybrid threats are, which makes it even more difficult to be aware of such problems and prevent them. “At the end of the day, everyone wants to talk about this topic, but not everyone understands it, so we get a conclusion that doesn’t always cover the problem. In this type of crime, which changes the methodology, compared to the criminals so far, we have new problems locating the place where these threats are carried out,” he said.
The professor from the Institute for Security, Defense and Peace at the Faculty of Philosophy at UKIM – Skopje, Marina Mitrevska, said that when dealing with hybrid threats, three frameworks are most important: strategic, normative and organizational. According to her, it turned out that institutions can hardly deal with hybrid threats. The workforce does not have enough knowledge to deal with these problems, so there are still many measures to be taken. It is very important to hold trainings, in cooperation with FINKI, with the faculties of security, with experts from the institutions that can contribute to the training of the working staff in the institutions of vital importance of the state. She says that cooperation and coordination is needed between the institutions of the country, and with the regional countries as well.
The professor from the Faculty of Information Sciences and Computer Engineering, Boro Jakimovski, added that new activities are starting that are guided by the European digital agenda, with one of the topics being the establishment of national centers for cyber security, in which all factors will be united at the national level, then at the European level, where we will work on strategies together.
The head of the Department for Computer Crime Investigations in the Department of Computer Crime and Digital Forensics, at the Ministry of Internal Affairs, Marija Gjosheva – Krsteski, explained that we are in a time when such hybrid threats are constantly targeting critical infrastructures. Such attacks, as she said, “know no borders, and the attack may be caused by one country, the consequences may be felt by another country, and the evidence may be in a third country”.
Miroslava Sawiris, the director of the Department of Strategic Communication at the Office of the Security Council of the Slovak Republic, shared her expertise on the subject and talked about how hybrid threats are handled in Slovakia.
“In Slovakia, the nature of hybrid threats is different, which shows that you cannot have general solutions for all hybrid threats, because they are very specific. Even larger and wealthier countries than Slovakia face hybrid threats. We need to make better use of the resources that NATO gives us, and it is useful to know that identifying hybrid activities can lead to the triggering of Article 5,” Sawiris said.
She believes that it is good to know that these threats are taken very seriously by NATO. For countries that are small and have limited resources, it is always good to discuss these issues with other countries as well as with NATO. NATO has hybrid support teams consisting of a bunch of experts who can be sent to different countries and consulted as countries need it. If we don’t invest enough in analytical tools, we won’t know what’s going on and we won’t be able to solve the problem properly. Strategic communication is also of vital importance, and we need to talk to citizens and acknowledge problems, making it clear that we have experienced a digital revolution. We need to speak to the public in a way they can understand.
The Slovakian expert who said that “Slovakia was very vulnerable to hybrid attacks, and they had constant external information flooding their news channels and causing problems for the public,” presented a case study on how Slovakia is dealing with these hybrid threats. As she said, the normative framework is very important. The strategic level should go hand in hand with the operational level. “If we have 10 people to deal with hybrid threats, then we are not going to deal with hybrid threats, which means we need whole departments focused only on dealing with cyber threats. The communication aspect should also not be underestimated. It is extremely difficult when you have low trust from citizens in your institutions, to reach people. Cooperation with NATO institutions would greatly help in dealing with these threats. Some of the problems that every state administration faces is cooperation between state actors, administrative burdens, acceptance by decision makers, online influence – using the right tone of voice, measuring influence is also important because we need constant research on public opinion and focus groups so we can come up with important strategies – which is expensive and we need to secure funding which is not time limited.
Liliana Pecova Ilievska from IMPETUS was the next speaker, who first presented the analysis they made regarding the media coverage from the day of receiving the invitation to join NATO, until the day of holding the referendum. She explained that even years before we were faced with hybrid threats, not only in the past period. She indicated that the participation of the civil society sector and the media should be increased in filtering misinformation that affects the public.
She recommended that the convention become a member of the working group for the preparation of the new national cyber security strategy.
Pecova – Ilievska concluded that it would be of great help for employees in public institutions to attend trainings on cyber security, that is, how to protect data, but also to familiarize themselves with the mechanisms and protocols that will help the institutions. She underlined that regulation of online content is something that the media sector should take responsibility for.
The co-chairman of the session and a member of the European movement, Ambassador Andrej Lepavcov, emphasized that education and children, who did not know whether to go to school, as well as medical personnel who could not get the necessary information, suffer the most from hybrid threats. According to him, there is no time for a second mistake, because if something like this happens for the second time, it is expected that the citizens will not forgive it. The choice of this topic for the debate was made just in time to react. “Today’s topic of dealing with cyber threats is relevant in relation to the time we live in, and the national convention is a good platform for dialogue and discussion on current topics related to the European integration process, in order to prepare all the capacities of the state for the upcoming negotiation process with the EU. Therefore, from session to session, the interest in discussing similar topics is getting bigger and more significant together with the recommendations that arise,” concluded the national coordinator of NCEU-MK and president of the European movement, Mileva Gjurovska.