KCSS: Critical Infrastructure in Kosovo is still vulnerable


QKSS: Infrastruktura kritike në Kosovë ende e cënueshme

Kosovar Centre for Security Studies (KCSS) published the report “Government Policies in the Protection of Critical Infrastructure” which highlights the inherited negligence of the governing institutions in Kosovo regarding the undertaking of concrete measures for the preservation of critical infrastructure.

The report initially highlights the fact that Kosovo had taken some important steps in this direction. This is because in 2018 the Assembly of Kosovo had successfully adopted the Law on Protection of Critical Infrastructure (which had entered into force in April 2019) becoming the first country in Balkan to take such a step. Also, substantively the Law in question seems to be largely substantive and in full compliance with the relevant European Union legislation. 


However, it’s implementation seems to be problematic, so far none of the governments has taken any concrete steps in this direction, whether in terms of consolidating institutional mechanisms, or the adoption of bylaws or the harmonization of the legal and strategic framework with this law. This is despite the fact that the Law has set deadlines for the implementation of its relevant provisions, thus leaving a significant burden on the current government for the functioning of this law. The report as its main point identifies that:


  • The Ministry of Internal Affairs (MIA) has not yet established and functionalized the institutional mechanism within its structure, which is the first and main step in starting the implementation of the law, while bylaws have not yet been issued. Perhaps, this is because the previous Governments had not taken any action in fulfilling its obligations deriving from the law, leaving this burden to the current Government which should urgently take the necessary steps.
  • The new National Security Strategy which has been in the drafting process for some time and which would be expected to be adopted in the near future, as the basic policy for security priorities should address the protection of critical infrastructure such as one of its essential priorities and to make clear the division of responsibilities and tasks of institutions as well as the coordination of legal and strategic initiatives to ensure synergy between them.
  •  The first Defense Strategy draft, which has also been in the drafting process for some time and which should be approved soon, should be reviewed in accordance with the new mandate of the KSF in order to protect integrity and sovereignty, including the protection of critical infrastructure through concrete actions.




  •  In the field of civil emergencies, the National Response Plan and the Integrated Emergency Management System should be reviewed as soon as possible as in addition to the deadline for their review, they do not reflect the developments of recent years in terms of drafting the legislation related to this field, including that for the protection of critical infrastructure. 
  • In terrorism field, the new Counterterrorism Strategy needs to be reviewed and activities planned in protecting critical infrastructure from terrorist attacks, including obligations under the Joint Plan signed with the EU to combat terrorism.
  • In the field of cyber security, the draft law on cyber security and the new Strategy on cyber security should be finalized paying special attention to avoid duplication of mechanisms and conflict of legal provisions with the law on critical infrastructure.
  • In the field of private security services, the finalization and adoption of the new law on private security services should be proceeded as soon as possible. The new law should provide for another advanced security service to be provided by private physical security companies designed specifically to maintain critical infrastructure. Thus, these private companies would no longer be able to apply for the preservation of these vital assets if they do not have members trained and licensed specifically for this service. Respectively, finally putting an end to the current practices where the state delegates the maintenance of critical infrastructure to private physical security companies through the basic security service for which only 3 days of training are required for the members who provide this service.


What is Critical Infrastructure?


‘Critical Infrastructure’ means any physical or virtual state asset of existential importance for the well-being and security of the State and society at large. Thus, in the case of Kosovo, the critical infrastructure includes assets such as: Kosovo Energy Corporation and electricity distribution network; artificial lake dams and drinking water distribution networks, bridges, highways, electronic system of official communication, civil registration, money circulation, landfills where hazardous explosive materials are stored, etc. 


Therefore, given the importance of this infrastructure, its preservation should be one of the main priorities of state security policies in the country. Consequently, the Government of Kosovo must ensure that the protection of this infrastructure is comprehensive and by incorporating it in all strategic security documents, starting from: national security strategy, defense strategy, combating terrorism or organized crime, cyber security, etc.


Failure to take the necessary steps by the relevant institutions in defense of this infrastructure leaves the country exposed to ongoing risks that could have a fatal epilogue to national security in the country.