Ways in which recent power outages across Montenegro have drawn attention to the importance of information security.

Sasa Scekic

When a recent breakdown of the electricity network caused a power outage throughout Montenegro, the eHealth portal became inaccessible. It was impossible to schedule a doctor’s appointment online, access medical test results, or download the COVID certificate…

At the same time, when accessing the Ministry of the Interior website, internet browsers warned that the connection was not secure. The national certification body TrustME, established within the Ministry of the Interior, is responsible for issuing electronic certificates on new national ID cards. These credentials allow citizens to identify themselves electronically and sign documents online, which has the same legal power as a physical signature. The unsecure connection message on the website could have only caused concern and possibly deterred citizens from the idea of using their ID card online.

A day later, everything was back in order – eHealth worked, the Ministry website had a valid certificate and the browser didn’t display warning messages. Although, if we look at the mobile version of the eGovernment website, which displays digital public services, we can still see a similar message: ‘Connection Is Not Secure’.

At a time when we are analyzing the ‘Draft Strategy for Digital Transformation of Montenegro 2022-2026’, the above mentioned examples are indicators that remind us of the importance of information security and its essential purpose – the protection of critical infrastructure, public and private sectors, and citizens.

It is undeniable that a digital transformation presents a great opportunity for an economic recovery of the region. Favorable regulatory framework, efficient administration, digital public services, a connection between the public and private sector information systems all create a positive environment for the improvement of existing businesses and development of new ones, which have a greater chance to be competitive and succeed in a global context. Our region must hurry along this path, so as to catch up with the European vision and digital goals of the next decade.

On the other hand, the technological transformation, which implies having IT systems which are more connected and exposed to the Internet, significantly increases cyber risks and threats to digital infrastructure, services and data. We see this through examples from the world’s largest economies. One compromised passcode this year enabled a hacker attack that stopped the largest oil pipeline in the United States and led to shortages along the entire East Coast. Also in the U.S., nearly half of all hospitals had to disconnect their computer networks due to ransomware attacks, which caused significant costs and difficulties in providing health care (study by Philips and CyberMDX).

This didn’t bypass Montenegro either. Attacks on the IT infrastructure of state bodies and the media have become more frequent – usually in the form of DDoS attacks on web portals, which aim to ‘take down’ services and make them inaccessible to users. We can also highlight phishing attacks aimed at tricking users into clicking on a link in an email and downloading malicious software, or leaving sensitive data – like the targeted attack that took place in 2017, when Montenegrin institutions received emails, falsely signed to have come from NATO.

In response to growing threats, Montenegro, with the support of international partners, has made significant efforts in the past few years in the field of cyber security – primarily through the development of a regulatory framework, the establishment of an Information Security Council, and the allocation of responsibilities and capacities within the security sector.

However, as stated in the Cyber Security Strategy 2022-2026, ‘in following current trends, certain challenges have been identified and it has been unequivocally established that accelerated and comprehensive development of cyber capacity is more than necessary’ – that is, it is necessary to work faster and do much more to adequately follow the ambition of digital transformation. This document defines a good framework for further action and an opportunity to support the goals of the Digital Transformation Strategy by achieving cyber security goals.

It makes sense that a greater degree of digital transformation will make attacks on the Montenegrin cyberspace grow exponentially, become more complex and carry greater potential risks. This further emphasizes the importance of a strategic and comprehensive approach to information security and its practical application.

Because, once the power goes out, it isn’t neccessarily harmless but could be an introduction to serious consequences.

 

Sasa Scekic is an IT expert, with professional experience in the field of digital transformation and information security