Premises have been allocated and posts created, but Bosnia and Herzegovina’s Security Ministry still lacks the funds to launch a national Computer Emergency Response Team, or CERT, to combat cyber threats like the one that struck the state-level parliament three years ago.
The September 2022 attack on the assembly in Sarajevo put its servers and website out of action for weeks, but there is still no official word on who was responsible or what they were after.
Despite calls from the European Union and other international partners for Bosnia to urgently address such vulnerabilities, authorities have yet to get the CERT up and running, 15 years after the process was formally launched. Dedicated cyber response teams, or CERTs, are now standard across Europe.
The small steps that have been taken followed an official audit as well as a March 2023 report co-authored by BIRN, both of which highlighted the lack of state readiness to confront growing cyber threats.
In 2023, the state-level government approved the systematisation of job positions within the Security Ministry; 18 months later, it allocated premises for the national CERT team.
The premises will be kitted out with money secured through the United Nations Development Programme, UNDP, not state funds, the Security Ministry told BIRN.
The government has identified funds for the CERT premises and hiring of staff, but the 2025 budget has yet to be adopted due to ongoing political wrangling between parties divided along ethnic lines.
“As you are aware, the 2025 budget for institutions of Bosnia and Herzegovina has not yet been adopted, and the Security Ministry of Bosnia and Herzegovina currently has no funds to hire CERT personnel,” the Security Ministry said.