What is Albania's approach to cyber threats?
Albanian legislation related to cyber security is relatively new. Albania has approved Law No. 25/2024 "On cyber security", based on the need to align the legislation with that of the European Union. It has been technological developments and the difficulties in preventing and fighting cyber attacks that have led to the adoption of legal and bylaw acts in our country, but in the perspective of future developments and the impossibility of avoiding technological progress, the need may have arisen for the drafting of a Cyber ??Security Code.
The evolution of Albanian legislation has undoubtedly been influenced by the historical and social context in which it was found. In such a context, important legal initiatives have been undertaken to regulate issues that affect operational spaces, such as land, sea and air space, with the approval of the respective Codes (Road, Sea and Air Code). Cyberspace according to Law No. 25/2024 "On cyber security" is "the digital environment capable of creating, processing and exchanging electronic communication of information created by networks and information systems even without being connected to the Internet". As a separate and distinct environment where operations take place and threats of great importance arise, it consequently requires a special unified legal regulation.
In support of the drafting of a Cyber ??Security Code, it is also worth mentioning the definitions of the National Strategy for Cyber ??Security 2020-2025, approved with VKM-No. 1084, dated 24.12.2020, which aims, among other things, to "improve the legal framework that regulates and regulates the field of cyber security in the country, as well as its harmonization with the directives and regulations of the European Union" (Specific Objective 1).
In the context of possible legal changes, it is important to recognize the protection of national security as a key objective. The protection of national security lies at the foundation of national and international interests and the joint commitment of states to combat infringements of state sovereignty through cyber attacks.
In today's era of great technological developments cyberspace is constantly vulnerable to cyber attacks, creating the necessity for the discussion on the drafting of a Cyber ??Security Code. The existence of a Cyber ??Security Code would unify and consolidate existing legislation into a common framework, coordinating and harmonizing measures against potential cyber attacks.
Cyber ??attack in recent legal and political discourse is being considered as an armed attack. For this reason, NATO has changed its approach to the application of Article 5 of the North Atlantic Treaty, which defines the general mobilization of member states in the event of an "armed attack" on one of them. This provision is based on the principle of collective defense, as one of the main principles of the operation of the alliance, which determines that an attack against one ally is considered an attack against all allies. But with the great technological developments of the digital age, cyberspace has returned to NATO's focus.
Cyberspace is a new field of action, which is faced with real threats from individuals and states that aim to intrude, damage and take control of computer systems. The legal discussion on the interpretation of Article 5 of the Treaty extends to the notion of "armed attack" and the expanded approach that the alliance has given by stating with the Wales Summit Declaration that a cyber attack on a NATO member state will be considered as an armed attack and will bring application of Article 5. However, not clarifying whether Article 5 will be applied in cases of everyday cyber attacks or armed cyber attacks. The difference between the two notions consists in the entity that undertakes the cyber attack; in the strategy and goals that are sought to be achieved, massively increasing the degree of infringement in the event of an armed cyber attack in relation to that of a daily attack, carried out by unorganized persons within the framework of a state activity.
The Alliance already sees cyber attack as a threat to state sovereignty and thus has declared cyberspace as an operational domain, effectively making a qualitative step in its approach to this type of threat. The 2007 cyber attack by Russian-based attackers against Estonian public and private sector organizations is seen by NATO as an attack that could have triggered Article 5 today, as the Foreign Ministry, Ministry of Defense and banks were targeted. , threatening the security and sovereignty of Estonia.
NATO has stated that cyber defense is included in support of land, sea and air operational commands, as well as the possibility of creating a command for cyber operations in NATO is open.
At the 2021 NATO Summit in Brussels, a Comprehensive Cyber ??Defense Policy was adopted. This policy supported its focus on deterrence and the alliance's general posture for defense, reaffirming NATO's defense function and building on joint engagement within collective responses as well. High-level political oversight in NATO is carried out by the North Atlantic Council, as the main political decision-making body. The Cyber ??Defense Committee has been established under the Council, as a special structure for the implementation of the cyber defense policy.[1]
Also, Article 5 of the Treaty is linked to Article 51 of the Charter of the United Nations, as the fundamental document regarding peace and security. An armed attack for the purposes of Article 51 will include not only an attack against the territory of the State, including its airspace and territorial sea, but also attacks directed against the extraterritorial space of the State, such as its armed forces or embassies. abroad.[2]
But will Albania be ready to react within the application of Article 5 of the North Atlantic Treaty regarding cyber attacks?
Undertaking legal initiatives is a necessity for a country like Albania, a member of NATO and aspiring to become part of the European Union. However, capacity building, institutional commitment, limited resources and the need for continuous training are permanent challenges that require special attention.
Albania, as a member with full rights in the NATO structure since 2009, has been committed to implementing the provisions of the North Atlantic Treaty. Also, the National Strategy for Cyber ??Security has taught the strengthening of cooperation with the alliance regarding possible cyber attacks. The commitment related to the application of Article 5 of the Treaty in the context of a possible cyber attack will undoubtedly bring the obligation of the Albanian state in terms of collective defense.
However, the main potential difficulties in such a case for our country will be related to the limited resources to invest in advanced cyber infrastructure and to update defense technologies; the challenge of building and maintaining an effective system of defense and response to cyber attacks. It will also be necessary to integrate national policies and strategies with those of NATO, to harmonize defense and response to cyber attacks.
To conclude, the discussion on the drafting of a Cyber ??Security Code is a necessity at a time when cyber space is vulnerable to cyber attacks. To ensure a clear and comprehensive framework for defense against cyber threats, state strategies must be oriented not only to everyday incidents but also to well-thought-out attacks that can threaten state sovereignty. NATO's new approach to the application of Article 5 and collective commitment to cyber attacks should be seen as a step forward towards guaranteeing security and stability and at the same time, the Albanian state should adapt its policies towards this approach.
[1]NATO, Cyber ??defense, 30 July 2024. Accessed at https://www.nato.int/cps/en/natohq/topics_78170.htm?selectedLocale=en.
[2] Catham House, International Law, ILP WP 05/01, PRINCIPLES OF INTERNATIONAL LAW ON THE USE OF FORCE BY STATES IN SELF-DEFENCE.