Author: Teodora Tea Ristevska

Pulaski Policy Paper no. 11, 23rd October 2024

Cyber threats in CEE target critical infrastructure and public trust, making a comprehensive defence strategy essential. Harmonizing national policies with EU standards will unify regional cybersecurity defences.

As cyber threats evolve, Central and Eastern Europe (CEE) is increasingly vulnerable to state-sponsored attacks, hybrid warfare, and disinformation campaigns. Incidents such as the 2007 cyberattack on Estonia and the 2017 NotPetya attack on Ukraine show the urgent need for a comprehensive cybersecurity framework. By fostering collaboration with NATO, harmonizing national policies with EU standards, and strengthening public-private partnerships, CEE nations can build resilience and strengthen their defences against emerging threats.

Cybersecurity in CEE is of paramount importance due to the region’s geopolitical proximity to Russia and ongoing hybrid warfare tactics. Nations in this region face a variety of cyber threats targeting critical infrastructure, public services, and the private sector. State-sponsored actors exploit vulnerabilities, and disinformation campaigns have been particularly effective at undermining trust within societies and destabilizing governments.

A comprehensive and multi-layered cybersecurity strategy is critical for ensuring national security and regional stability in CEE. This framework must include stronger public-private partnerships, cross-border intelligence sharing, alignment with EU and NATO standards, and increased education on digital literacy. The successful models of Israel, Spain, and Ukraine provide valuable lessons for CEE countries.

Policy Recommendations

1. Strengthen Public-Private Partnerships

• Governments should create national cybersecurity innovation hubs, bringing together private companies, government agencies, and academia to develop cutting-edge solutions. Israel’s Unit 8200 and Spain’s integration of disinformation management in its cybersecurity strategy offer practical models.
• Collaboration with tech giants like Microsoft and Amazon is essential for enhancing cloud security and data protection, particularly during national crises, as demonstrated by Ukraine’s success in moving critical operations to the cloud during the NotPetya attack.
• Experts emphasize the need for independent oversight and national special prosecutors to address corruption within public-private partnerships, ensuring trust and transparency.

2. Foster Cross-Border Cooperation

• CEE countries must engage in joint cybersecurity exercises, similar to Estonia’s Cyber Defense League, to enhance preparedness. Bilateral intelligence-sharing agreements will improve real-time detection and response to cyber threats, as demonstrated by Ukraine’s collaboration with NATO during cyberattacks.
• Aligning national policies with EU directives like NIS2 and coordinating with NATO’s CCDCOE will ensure a unified regional cybersecurity framework. Spain’s successful harmonization with EU standards provides a blueprint for CEE countries to follow.

3. Enhance Education and Public Awareness

• Governments should incorporate cybersecurity into primary and secondary education, as seen in Israel’s model, where early digital literacy helps foster a security-conscious society.
• Governments must launch mass media campaigns to raise awareness about cyber risks, ensuring that both citizens and businesses understand the importance of cybersecurity as a national security priority.

By adopting these expert-backed recommendations, CEE nations can build a resilient cybersecurity ecosystem that addresses both immediate threats and long-term strategic challenges. Through enhanced cooperation with NATO, the EU, and the private sector, CEE countries can protect their infrastructure, mitigate risks from disinformation campaigns, and safeguard their digital future. Learning from the successes of Israel, Spain, and Ukraine, the region can establish itself as a leader in cybersecurity defence.

Author: Teodora Tea Ristevska, Finalist of the Empowering Young Women Experts in Regional Security and Foreign Policy Fellowship

Teodora Tea Ristevska specializes in security, intelligence, and counterterrorism, with three years of teaching experience in these fields. She holds two Master’s degrees in Political Science and European Studies, as well as a PhD in Defense Studies from the University of Ljubljana. Since 2018, Teodora has been a researcher at the University of Ljubljana and served as a research fellow at the School of International Service at American University in Washington, D.C., in 2022. Her research examines the relationship between security and liberty post-9/11, as well as intelligence studies, security policy, and information security. She is fluent in five languages and actively participates in the Euro-Atlantic Council of Slovenia.

Views and opinions expressed are however those of the author only and do not necessarily reflect those of the European Union or the European Education and Culture Executive Agency. Neither the European Union nor the granting authority can be held responsible for them.