Cybersecurity in Albania in a new era, from fragmented and partially manual processes, to a fully centralized system

Cybersecurity in Albania in a new era, from fragmented and partially manual processes, to a fully centralized system

As cyber threats grow increasingly complex and frequent, the need for resilient digital infrastructure and cybersecurity professionals with the skills and knowledge to counter evolving threats has never been more pressing. Experts observe that artificial intelligence and machine learning have already transformed the entire dimension of cyber operations, both offensively, in the hands of malicious actors, and defensively, in detecting traces and responding to cyber incidents.

In response to the large-scale cyberattacks that affected the Western Balkans in 2022, the European Union launched the project "Cybersecurity Rapid Response Measures for Albania, Montenegro, and North Macedonia 2.0", an initiative implemented by the e-Governance Academy (eGA).

The project has worked closely with Albania's National Agency for Information Society (AKSHI) and the National Authority for Electronic Certification and Cybersecurity (AKSK) to build and expand their operational cybersecurity capabilities. Both institutions play a central role in Albania's cyber defence, operating as 24/7 hubs where cybersecurity professionals continuously monitor, detect, and respond to threats in real time.

"We are proud that, through this project, Albanian cybersecurity institutions AKSHI and AKSK have gained access to world-class cybersecurity software. Tools such as GreyNoise, Acunetix, and Cognyte Luminar empower them to detect threats more quickly, reduce false positives, and respond effectively to complex cyber risks," said Merle Maigre, Head of the Cybersecurity Competence Centre and Team Leader of the Cybersecurity Rapid Response 2.0 project.

However, she stresses, "Strengthening cyber resilience is not merely about deploying advanced tools. Even more importantly, it involves equipping local institutions with the knowledge, skills, and operational readiness required to respond to today's complex threat landscape. Through close collaboration with our Albanian stakeholders, we have enhanced not only technical capabilities but also strategic coordination, which remains essential for safeguarding national and regional digital infrastructure."

The mission of Albania's National Cybersecurity Authority (NCSA) is to ensure a secure digital environment for Albania's institutions, critical sectors, and citizens.

"Previously, login analysis and incident correlation were carried out manually across disconnected systems, often delaying response times. Analysts had to rely on separate tools and limited storage to identify patterns. There was no structured system to gather open-source intelligence or monitor malicious behaviour in the deep and dark web, which could indicate upcoming attacks on Albanian institutions," explains Esmeralda Kazia, Head of the Directorate of Monitoring and Incident Response at the NCSA.

"This new infrastructure has allowed the NCSA to transition from fragmented and partially manual processes to a fully centralised system, capable of continuous monitoring, log aggregation, and rapid incident response," says Kazia, underlining its effectiveness.

With the delivery of four high-performance VxRail servers, the NCSA now has a resilient and scalable core that supports the centralisation of data and the protection of national assets. The project also provides access to the Cognyte Luminar threat intelligence platform, which offers visibility across multiple layers of the web, enabling analysts to track indicators of compromise and monitor threats or suspicious behaviours. This capability allows the identification of potential risks to critical infrastructure and delivers real-time alerts related to malicious actors targeting Albania's digital space.

The project has also significantly enhanced the cyber capacities of the National Agency for Information Society (AKSHI), assisting in the development of dedicated programmes against malicious activities and training experts.

"Through various activities, such as workshops, live-fire exercises, and regional training sessions, the project has improved the technical skills of cybersecurity specialists, providing them with both theoretical knowledge and practical experience. To further strengthen security, two systems have been made available to our institution: Acunetix, which scans the source code of web pages to identify weaknesses and vulnerabilities, and GreyNoise, an intelligence platform that detects IP addresses exhibiting malicious activity. The use of these systems increases staff efficiency, integrates with existing solutions, and standardises the incident reporting process," highlights Enis Ylli, Head of the Directorate of Cyber Monitoring and Protection for E-Government Systems and Infrastructure at AKSHI.

Ylli explains, "GreyNoise gives us more comprehensive information about malicious actors by enriching data on the location and attribution of activities. It allows us to build proactive defences within our SIEM/SOAR platforms, while also relying on the vulnerabilities identified by Acunetix. Their integration with existing solutions broadens the scope of technical defence measures, enabling effective responses to both modest and sophisticated state-sponsored actors."

According to him, artificial intelligence accelerates real-time actions and significantly expands the scale and sophistication of cyberattacks. This results in a constant battle, where international conflicts extend beyond regional borders, and defence mechanisms face unknown threats and increasingly innovative technologies.

The systems provided through the project's assistance enhance existing solutions, expanding interoperability and improving operational efficiency. "Through this strategic support, Albania is now better equipped to secure its digital frontiers, aligned with EU cybersecurity standards, and contribute to regional and cross-border information sharing," concludes Kazia.

Background information

The project "Cybersecurity Rapid Response Measures for Albania, Montenegro, and North Macedonia 2.0" is an initiative launched by the European Union and implemented by the e-Governance Academy (eGA) in response to the large-scale cyberattacks that affected the Western Balkan region in 2022. The project followed up on earlier similar efforts. By providing technical training and expert consultancy, the project aims to strengthen the cyber resilience of Albania and other Western Balkan countries, while improving their ability to respond effectively to cyber crises. In Albania, the project has closely collaborated with the National Agency for Information Society (AKSHI) and the National Authority for Electronic Certification and Cyber Security (AKSK) to build and expand their operational cybersecurity capabilities. Both institutions play a central role in Albania's cyber defence, serving as 24/7 operational hubs where cybersecurity professionals continuously monitor, detect, and respond to threats in real time.