Skip to main content



Cybersecurity Governance

DCAF’s Cybersecurity Governance Programme promotes effective and accountable cybersecurity governance and cybersecurity policymaking, which involves the state, the private sector, the technical community, civil society representatives, and the general public.



The Cybersecurity Governance Programme implements projects that focus on improving cybersecurity law and policies, increasing the capacities of cybersecurity actors, and strengthening accountability in cybersecurity. We work in partnership with international organisations such as the ITU, FIRST, OSCE, GFCE and the EU.
With funding from the United Kingdom’s Foreign, Commonwealth and Development Office, DCAF is implementing the project ‘Good Governance in Cybersecurity in the Western Balkans’ (2021-2024). Drawing on past experiences and achievements, the project incorporates a whole-of-government and whole-of-society approach, and focuses on the following aspects: Law and Policy, Cybersecurity Capacities and Resilience, Awareness Raising and Cyber Hygiene, Stakeholder Cooperation and Oversight, Cybersecurity for All (Human Rights & Gender).

CybersecurityTab1.jpgDCAF supports the development of national cybersecurity law and policy.
This includes providing advice on draft laws and strategies, assessments, providing expertise on improving national cybersecurity governance, contributing to the development of by-laws, and bringing support to institutional developments such as the setting up of sectoral CERTs. We promote multi-stakeholder approaches to finding policy solutions and to implementing laws and policies.

Examples of recent activities:
Several high-level events are organised throughout the year, to increase the knowledge of cybersecurity policy makers and allow exchanges on best practices and challenges in developing cybersecurity legislation and policies.

  • Regional seminar for government officials on cybersecurity and EU regulation best practices. Bled, Slovenia, March 2022.
  • Expert review of the Draft of the Law on Security of Networks and Information Systems and the Cybersecurity Strategy of the Republic of North Macedonia
  • Expert analysis and support for the establishment of an Energy Sectoral CERT in Kosovo

Knowledge Products:




CybersecurityTab2.jpgDCAF works on enhancing the individual and institutional capacities of national Computer Emergency Response Teams (CERTs) and CERTs-like structures in the Western Balkan region to effectively and efficiently prevent and react to attacks on national systems.

The project helps CERTs in developing capacity building plans, and offers training opportunities to CERT staff to increase their skills, knowledge and expertise. Through providing certified trainings for CERT staff, facilitating international and national cyber drills and conferences, as well as peer exchange, we are helping the technical community in the Western Balkan region to gain adequate knowledge and improve the capacities needed for effective cybersecurity incident handling.

Examples of recent activities:

  • Technical Colloquium for Western Balkan CERTs. Durrës, Albania, April 2022.
  • Regional Conference on Cybersecurity Capacity Building. Podgorica, Montenegro, May 2022.
  • TTX Exercise for the National Authority for Electronic Certification and Cybersecurity. Tirana, Albania, October 2022.
  • Crisis Communication Trainings. Albania, North Macedonia, Montenegro, Serbia, 2022.
  • Development of Capacity Development Plans. Albania, Bosnia Herzegovina, Kosovo, 2022-2023.

Knowledge Products:



CybersecurityTab3.jpgDCAF facilitates multi-stakeholder dialogue, promotes multi-stakeholder engagement across public and private sectors, and supports regional cooperation and exchanges between Western Balkan policy and technical communities to enhance trust and develop models for cooperation.

At the national level, we have contributed to several initiatives that bring together cybersecurity stakeholders from the public and private sectors to discuss their roles and responsibilities, and ways of increasing cooperation in cybersecurity. This includes meetings and workshops on sector- or topic-specific areas, such as public-private partnerships, cyber threats for SMEs or critical infrastructures protection.

By building regional cooperation and partnerships, we are creating a network of trust between institutions, decision makers, and IT professionals that can discuss opportunities for cooperation and regional responses, and can work together in increasing regional cybersecurity resilience.

Examples of recent activities:

  • Workshop on cybersecurity and critical infrastructure readiness for health operators in Albania. Tirana, Albania, October 2021.
  • Workshop for the Private Sector on Critical Information Infrastructure Protection in Montenegro. Podgorica, February 2022.
  • Study trips and exchanges between national CERTs. North Macedonia-Serbia, Montenegro-Serbia.
  • Regional Conference on Cybersecurity Capacity Building. Podgorica, Montenegro, May 2022.

Knowledge Products




DCAF supports the Western Balkan economies in their effort to enhance cyber hygiene, both of public sector staff, and of the general public, as well as in their outreach and communication activities. Safe online practices are crucial for cyber resilience. The project supports public institutions in establishing strategic plans on increasing cyber hygiene, and promotes the understanding of cybersecurity risks and threats, encouraging safe and responsible online behaviour.

In order to generate awareness in cybersecurity in the general public and small businesses, DCAF supports cybersecurity actors in the Western Balkans to organise cybersecurity awareness raising campaigns targeted at wider social groups and individuals, with the aim of influencing cybersecurity behavioural change. We support efforts of cybersecurity institutions in the Western Balkans to better communicate the importance of cyber protection, especially focusing on the issues of personal data protection, securing business continuity, rising awareness of cyber threats such as online scams and frauds.

Together with Western Balkan national CERTs, we have developed innovative awareness raising campaign strategies and materials for multimedia and digital tools. 

Watch all the animated short clips of the campaign on our YouTube channel 

Watch all the videos of the campaign on our YouTube channel 

Download and print the posters to raise awareness about cybersecurity around you

Examples of recent activities

  • Webinar on Cyber Essentials and Cyber Baseline. December 2021.
  • Development of online courses on Cyber Hygiene for Public Servants
  • Support to CERTs communication capacities in Albania, Bosnia Herzegovina, Kosovo, Montenegro, and North Macedonia

Knowledge Products



CybersecurityTab5.jpgThe project contributes to more informed cybersecurity policy discussions, both at the regional and national levels, by encouraging parliamentary staff and civil society organisations to play a more effective role in cybersecurity sector oversight and research.

Examples of recent activities

  • Seminar on Cybersecurity Good Governance for Parliamentary Staffers from the Western Balkans. Tirana, Albania, March 2022.

Knowledge Products






Cybersecurity7.jpgDCAF supports civil society and young leaders in their efforts to play a more active role in cybersecurity.

To contribute to informed regional cybersecurity policy discussions, the project has supported the establishment of a Western Balkans Cybersecurity Research Network, composed of civil society researchers from the region. The network research aspects covering cybersecurity and human rights, cybersecurity needs of vulnerable groups, gender, and cybersecurity, in their respective national contexts.

This effort produces more comparative research and information on the progress in cybersecurity governance in the region and supports Western Balkans civil society to engage more in cybersecurity issues and to develop, research, and draft recommendations that promote an approach to cybersecurity taking into account the security needs of all, for governments to integrate a more human-centric approach in their legal and policy frameworks.

Following the 2022 six-chapter book on Human Rights and Cybersecurity in the Western Balkans, the research network has prepared a publication on gender and cybersecurity, ready to be published in late October 2023.

Through our ‘Young Faces’ programme, we work on promoting cybersecurity policy research and knowledge sharing among young professionals across the Central and Eastern Europe region, aiming to involve young leaders to explore and engage in cybersecurity network and expertise. The programme champions the development of young professionals from the region, from the public and private sector, at the start of their careers to raise their awareness on important cybersecurity governance challenges. Over the course of six months and through a winter and summer schools, the participants can familiarise themselves with the topics, learn from international experts, share experiences with their peers, and play an active role in research of cybersecurity by producing policy papers under the mentorship of experts.

Spotlight: papers from DCAF’s Young Faces 2023
Promising cybersecurity ideas from emerging Western Balkans civil society leaders
DCAF’s Young Faces 2023 brought together over 30 young scholars and leaders for enriching seminars on cybersecurity, in the context of the UK Foreign, Commonwealth and Development Office (FCDO) supported-project, ‘Good Governance in Cybersecurity in the Western Balkans’. 17 out of this group wrote policy papers. These covered a range of issues of increasing importance in the six Western Balkans economies of the project: Albania, Bosnia and Herzegovina, Kosovo*, Montenegro, North Macedonia and Serbia.
* This designation is without prejudice to positions on status, and is in line with UNSC 1244 and the ICJ Opinion on the Kosovo declaration of independence.

DCAF spotlights three among all of the thoughtfully written papers:
Disclaimer: The views expressed are those of the authors alone and do not necessarily reflect DCAF positions.

Papers from DCAF’s Young Faces 2022


Examples of recent activities

  • Young Faces Winter School Webinars. Online, January 2022.
  • Young Faces Summer School and participation in the European Dialogue on Internet Governance (EuroDIG). Trieste, Italy, June 2022.
  • Workshop on Gender and Cybersecurity for the Western Balkans Cybersecurity Research Network. Durrës, Albania, July 2022.
  • Advocacy campaign by the Western Balkans Cybersecurity Research Network. Western Balkans, Summer 2022.

Knowledge Products


CybersecurityTab7.jpgDCAF promotes cybersecurity capacity building in the Western Balkans to improve cyber-readiness of the societies through the strategic training of cybersecurity experts and the development of educational program in cybersecurity. The programme supports the inclusion of cybersecurity capacity building in national cybersecurity strategies, and the further development of cybersecurity education at all levels.

Watch all videos of the conference "Cybersecurity Capacity Building"

Key Resources 


This report is a two-factor analysis of cybersecurity: th...

This report is a two-factor analysis of cybersecurity, in...

This report is a two-factor analysis of cybersecurity, in...

As the interwoven threats and opportunities of cybersecur...


Franziska Klopfer, Principal Programme Manager (

Natalija Radoja, Project Coordinator,