Bosnia and Herzegovina does not have a national computer security strategy, nor a national emergency team (CERT), both of which are staples in this area in almost every country.

  Arben Murtezic

In developed and happy societies, there is almost no other subject that captures the attention of the general and professional public more than is the case with computer security. The traditional understanding and perhaps the first association with this topic is sophisticated technological protection. However, experts in this field have been focusing on the human impact for a long time, because it is people who control the attacked computers, as well as the computers through which they are attacked. In addition, many of the standard and especially dangerous forms of cybercrime are not necessarily based on complex technology, but rather on social engineering.

It is not at all surprising that this topic is one of the priorities of the EU-Western Balkans relations. In developed countries in general there are fears that economically poorer countries with weak institutions will become a sort of oasis for computer criminals. This fear is not unfounded, given the notorious fact that borders mean almost nothing for this type of crime, as well as the physical distance between the perpetrator of the crime, i.e. the attacker and the victim. Namely, the place of execution and occurrence can, and often are, so distant that in the case of ‘conventional’ crime this is most often in the domain of criminal-procedural theory.

Furthermore, it is expected and somewhat understandable that less developed countries don’t keep computer security high on the list of priorities, given the other problems they have to face. In addition, the misconception that the victims of computer crime are only banks and corporations in rich countries leads to the perception of those who abuse computers for criminal purposes in poorer societies as some sort of modern Robin Hoods.

As far as Bosnia and Herzegovina is concerned, we are almost used to global problems becoming even more severe in our own country, due to institutional inefficiency. Bosnia and Herzegovina does not have a national computer security strategy, nor a national emergency team (CERT), both of which are staples in this area in almost every country.

But, as with other problems, there is no use lamenting over bad luck and Dayton restrictions.

Aside from state institutions, individuals, non-governmental organizations, and the private sector can do a lot as well. Strategies and other documents in the most developed countries of the world are actually largely aimed at raising awareness in individuals. Technically simple procedures, such as careful storing, frequent changes and the use of more complicated passwords in general, significantly contribute to security.

Media and non-governmental organizations can certainly help strengthen the security culture, and no less than state institutions. Furthermore, when it comes to this area, commercial companies, and not only the most well-known multibillion dollar corporations, have the resources and knowledge that can hardly be expected from government agencies, and so public-private partnerships are imperative.

It is clear that the issue of computer security is a global one, and due to the huge security and financial interests of all actors, funds for quality projects in this area can certainly be found and from various sources.

In that sense, the possibilities of regional cooperation are great, and there is no reason why they should not be used to a greater extent.


Arben Murtezic, Doctor of Laws whose field of research is computer crime; Director of the Center for Education of Judges and Prosecutors of the Federation of BiH