Cyber attacks on the digital and computer systems of the Albanian government in mid-July caused damage whose costs could turn out to be high, because the hackers have appropriated a series of important documents from key institutions such as the Ministry of Foreign Affairs, Cadastre Agency, Ministry of Finance, Ministry of Defense, etc.
Citizens across the country and businesses also faced high costs from the lack of service delivery.
Hundreds of trips were suspended because citizens could not download vaccines and receive passports. Communication with Taxation and the National Business Center was blocked for several days for all businesses, which were due to submit their 2021 balance sheets and may now face fines for not meeting the deadlines.
Beyond the immediate damage, sources within government institutions, especially the Ministry of Foreign Affairs, Defense and Mortgage, report that they have lost important documents, which had still not been recovered on the seventh day after the attack. The same sources say there are growing concerns about a third wave of attacks.
In the space of a year, sensitive citizen data and government documents administered by the National Information Society Agency (AKSHI) have been leaked frequently. First, a list of sensitive data of the citizens of Tirana was published on the eve of the 2021 elections, then a list of salaries and vehicle license plates, and recently a wide-ranging attack that came from abroad obtained a series of documents of importance.
A technology expert with long work experience in the establishment of digital government systems said that the decline of the Albanian state systems in the form we are experiencing these days is a chronicle that was announced in 2017, when the Council of Ministers approved VKM No. 673, dated 22.11.2017, on the reorganization of AKSHI.
Through those changes and others that followed, AKSHI became the sole owner of the digital state, without any kind of supervision, acting at once as policy maker, project drafter, procurer, implementer and auditor, i.e. all of these roles. This change severely compromised data security and passed with very little attention and comment, both in the media and in Parliament, the expert said.
Erjona Preçi, an expert in the field of information security in Hamburg, Germany, said that the cyber attack in Albania came at a completely inappropriate time, when immigrants could potentially use the summer season to get services in Albania, and just when the government has taken the decision to close the physical counters and offer services only through digital channels.
According to her, state bodies, as well as other public or private organizations, should rationally allocate resources between defense and response to cyber attacks. Every entity must build and implement effective information security incident management processes, treating all phases with seriousness and consistency, Ms. Preçi said.
Albanian public institutions, like those everywhere in the world, hold sensitive data of their citizens and other data of state importance, much of it classified as highly important, such as that of the Mortgage, Foreign Ministry, Police, Information Service, Health Insurance Fund and Civil Registry.
The IT expert, who wished to speak anonymously, said that when the database was created to provide services in e-Albania, the servers were connected head to head (in technical language, the information was more fragmented). But, to increase security in later years, the data was centralized in accordance with the ESB (Unique Government Interoperability Platform) architecture at AKSHI.
This means that now, information from all institutions is gathered in an ESB, which is monitored and maintained by ANA. Interoperability through the unique government platform allows the exchange of electronic messages between the Government Gateway and internal systems.
The supporting infrastructure that serves to exchange information with the Government Interaction Platform is DIS (Department Integration Server). DIS performs two-way communication: it receives requests from the Core Government Gateway / ESB and sends them to the end systems, then receives the response from the end system and sends it back to the Government Gateway Core / ESB.
The suspension for several days (we still don’t know how long it will take to bring all services back online) of all digital services offered at ANA is the latest in a series of security incidents in the administration of government systems, and these events are a consequence of a strategy of concentrating services that was totally wrong from the beginning, said the expert.
Attacks have also occurred in other countries, and institutions with technological and human infrastructure much more powerful than AKSHI's have been hacked. But it has not happened in any country that all state digital services go down at the same time and for such a long time, he added. The concentration of data increases the possibility of great damage in the event of an attack, as in the present case, at a time when the unit’s cyber security teams are not operational.
In 2017, the Parliament of Albania adopted a law “On Cyber Security”. The purpose of this law is to achieve a high level of cyber security.
Article 7 of the law defines the functioning of the CSIRT (Computer Security Incident Response Team).
In the law, the CSIRT is conceived as a computer security incident response team, and its composition should include specialists in the field of computer security next to every operator that administers the critical information infrastructure.
The law states that operators of important information infrastructures must have at least one person responsible for computer security incidents. The responsible minister issues instructions on the work methodology, the tasks that must be performed by the teams, or the responsible persons, and the general criteria that operators must respect in their selection.
But since the law came into force, the CSIRT team has not become functional, says the expert. “And the reason is simple, that this team almost does not exist. By law, the Electronic Certification and Cyber Security Authority (CESK), which also includes the CSIRT in the structure, should be the first in the front of the ‘fight with the enemy’ and coordinate the protective measures, but this team does not exist,” said the expert. According to him, as in all public entities, the method of staff selection, as well as in the case of cyber security, leaves much to be desired.