Kosovo Safety and Security Programme-Combating Cyber Crime in Kosovo (C3K)

Report Cover Image
Evaluation Plan:
2021-2025, Kosovo
Evaluation Type:
Final Project
Planned End Date:
08/2021
Completion Date:
09/2021
Status:
Completed
Management Response:
Yes
Evaluation Budget(US $):
13,000

Share

Document Type Language Size Status Downloads
Download document TOR - FINAL Evaluation Specialist.pdf tor English 284.59 KB Posted 783
Download document C3K Project Implementation Evaluation Report - FINAL.pdf report English 1139.74 KB Posted 848
Title Kosovo Safety and Security Programme-Combating Cyber Crime in Kosovo (C3K)
Atlas Project Number: 00100185
Evaluation Plan: 2021-2025, Kosovo
Evaluation Type: Final Project
Status: Completed
Completion Date: 09/2021
Planned End Date: 08/2021
Management Response: Yes
Focus Area:
  • 1. Governance
  • 2. Others
Corporate Outcome and Output (UNDP Strategic Plan 2018-2021)
  • 1. Output 2.2.1 Use of digital technologies and big data enabled for improved public services and other government functions
  • 2. Output 2.2.3 Capacities, functions and financing of rule of law and national human rights institutions and systems strengthened to expand access to justice and combat discrimination, with a focus on women and other marginalised groups
  • 3. Output 3.2.2 National and local systems enabled and communities empowered to ensure the restoration of justice institutions, redress mechanisms and community security
SDG Goal
  • Goal 16. Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
SDG Target
  • 16.1 Significantly reduce all forms of violence and related death rates everywhere
  • 16.4 By 2030, significantly reduce illicit financial and arms flows, strengthen the recovery and return of stolen assets and combat all forms of organized crime
  • 16.6 Develop effective, accountable and transparent institutions at all levels
  • 16.8 Broaden and strengthen the participation of developing countries in the institutions of global governance
  • 16.a Strengthen relevant national institutions, including through international cooperation, for building capacity at all levels, in particular in developing countries, to prevent violence and combat terrorism and crime
Evaluation Budget(US $): 13,000
Source of Funding: Project budget
Evaluation Expenditure(US $): 6,050
Joint Programme: No
Joint Evaluation: No
Evaluation Team members:
Name Title Nationality
Krenar Loshi Local project evaluation consultant KOSOVO
GEF Evaluation: No
Key Stakeholders: Ministry of Internal Affairs, Kosovo Police
Countries: KOSOVO
Lessons
1.

Ensuring continuous close communication with all stakeholders is paramount in avoiding pitfalls due to frequent changes in the government or ministerial leadership.


2.

Demand driven activities and joint design of such, ensures high degree of implementation, even at challenging times, as it has been during the Covid19 pandemic.


Findings
1.

UNDP over the years through KOSSAC and KSSP programmes, and through C3K project has established a credible profile in the field of security and enjoys full trust from all institutional CERTs, which paves the way for future engagement with MIA and respective security institutions.


2.

The project, specifically through the trainings, has contributed to improved performance of institutional CERTs, especially KP?s CCIS and Digital DFU, and the RAEPC.


3.

The project is on track to achieve the targets set forth in the logframe. The overwhelming majority of interviewees was of the opinion that the project team is very committed, professional, and supportive.


4.

Generally, and despite a difficult situation in 2020 due to Covd19 pandemic, the institutional partners speak favourably about their collaboration with the project and are fully satisfied how the project managed to adapt the activities on-line, while maintaining a high level of quality.


5.

The forthcoming Law on Cyber Security is expected to add to the quality of the interventions and improve the institutional capacities for leadership and coordination.


Recommendations
1

Focus more on cybersecurity capacity development and awareness raising activities, covering prevention and advocacy aspects, and policy making and coordination processes, build around MIA, as main lead partner, in cooperation with KP, RAEPC and AIS.

2

The technical aspects, related to specialised equipment, software and trainings (e.g. digital forensics) required for cybercrime investigation and prosecution, besides requiring significant resources, they are largely covered by other donors such as the U.S. and the EU programmes respectively, thus ought to be covered only if necessary under a separate outcome or even a separate project of more technical – procurement centred nature.

3

Focus on providing policy support to completion of the legal infrastructure and development of the new Strategy Cyber Security, through sponsoring relevant local surveys, analysis and research papers in the domain of cybersecurity.

4

Identify suitable local partner Experts, CSOs and Think Tanks and commission analysis and research papers which are very scarce, yet necessary to feed into the policy making processes in the field of cybersecurity. This also contributes to strengthening of non-government sector capacities in the field of cybersecurity and overall sustainability of results.

5

The anticipated establishment of the Cyber Security Authority by the government, most probably under the MIA, is expected to lead and coordinate all cybersecurity efforts, and should be the centre of focus in terms of capacities to gather, analyse and disseminate information amongst relevant stakeholders.

 

6

Further strengthen capacities of KP first responders in regional and local KP stations, in preliminary investigation techniques related to reported cybercrime, as this stage determines the effectiveness of later more advanced investigation stages.

7

Ensure continuity of provision of specialised professional trainings and certification to CERTs in demand driven basis.

8

Advocacy and awareness should be further enhanced, both in terms of protection from potential cyber threats, as well working with various local IT labs, to target more women to specialise on cybersecurity.

9

Engage with MEST to strengthen awareness and advocacy actions targeting schools, pupils, and students.

10

Engage with institutions and businesses to open up and encourage ethical hacking activities in testing their cybercrime prevention capacities. Offer awards to successful hacks.

11

Identify Champions of Change and support their engagement in TV debates, presentations, lectures, etc.

12

Maintain demand driven approach to development of trainings, and where possible spread out trainings over time to provide more space for stakeholders to participate while being able to carry out their daily duties uninterrupted.

13

Develop a comprehensive M&E mechanism to ensure quality analysis not only on progress reporting, but also in feeding into research, policy studies, papers and publications. If resources allow, engage an additional staff covering Monitoring, Evaluation and Learning aspects of the project.

1. Recommendation:

Focus more on cybersecurity capacity development and awareness raising activities, covering prevention and advocacy aspects, and policy making and coordination processes, build around MIA, as main lead partner, in cooperation with KP, RAEPC and AIS.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

 FULLY ACCEPTED As part of UNDP’s wider support to the Kosovo 2030 Digital Agenda, consultations with Kosovo institutions, development partners, private sector and influencers is being carried out as part of the finalization of the UNDP Digital Readiness Assessment (DRA) for Kosovo. This includes a strong view on cyber security, in terms of regulation, infrastructure, institutional setup and general awareness of the population  in the field of cyber security.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
UNDP to initiate actions aiming to strengthen cybersecurity as a result of the DRA and in support of the Kosovo 2030 Digital Agenda.
[Added: 2021/12/08] [Last Updated: 2021/12/23]
UNDP Programme Unit 2022/12 Initiated History
2. Recommendation:

The technical aspects, related to specialised equipment, software and trainings (e.g. digital forensics) required for cybercrime investigation and prosecution, besides requiring significant resources, they are largely covered by other donors such as the U.S. and the EU programmes respectively, thus ought to be covered only if necessary under a separate outcome or even a separate project of more technical – procurement centred nature.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

FULLY ACCEPTED The completion of the UNDP DRA and wider consultations aims at outlining how UNDP can further complement existing initiatives by Kosovo institutions and development partners, including on cyber security, in order to drive systemic change in the field of cyber security. As such, a global UNDP pilot of establishing a portfolio approach to digital transformation is being completed in Kosovo.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
UNDP Kosovo to complete a portfolio blueprint for developing a portfolio of strategic options on digital transformation.
[Added: 2021/12/08] [Last Updated: 2021/12/23]
-UNDP Programme;unit 2022/12 Initiated History
3. Recommendation:

Focus on providing policy support to completion of the legal infrastructure and development of the new Strategy Cyber Security, through sponsoring relevant local surveys, analysis and research papers in the domain of cybersecurity.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

Fully Accepted. While the CS strategy is being prepared, UNDP will support the process, leveraging insights gained as part of the Digital Readiness Assessment as well as global advisory expertise.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Provide advisory support to the CS Strategy to the Office of the Prime Minister
[Added: 2021/12/08] [Last Updated: 2022/05/09]
-UNDP Programme unit 2022/12 Initiated History
4. Recommendation:

Identify suitable local partner Experts, CSOs and Think Tanks and commission analysis and research papers which are very scarce, yet necessary to feed into the policy making processes in the field of cybersecurity. This also contributes to strengthening of non-government sector capacities in the field of cybersecurity and overall sustainability of results.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

FULLY ACCEPTED UNDP has already engaged with local and regional experts and CSOs who actively involved in C3K project activities as well as the preparation of the DRA and portfolio option.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
To expand the cooperation and regional experts and other partners.
[Added: 2021/12/08] [Last Updated: 2021/12/23]
UNDP Programme unit KSSP Team 2023/06 Not Initiated History
5. Recommendation:

The anticipated establishment of the Cyber Security Authority by the government, most probably under the MIA, is expected to lead and coordinate all cybersecurity efforts, and should be the centre of focus in terms of capacities to gather, analyse and disseminate information amongst relevant stakeholders.

 

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

ACCEPTED:  The establishment of the CSA is foreseen as per the draft law on CS with an explicit mandate to carry out activities as per recommendation 5.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Support the competent institutions dealing with cybersecurity by providing advice and guidance.
[Added: 2021/12/08] [Last Updated: 2021/12/23]
UNDP Programme KSSP Team 2023/12 Initiated History
6. Recommendation:

Further strengthen capacities of KP first responders in regional and local KP stations, in preliminary investigation techniques related to reported cybercrime, as this stage determines the effectiveness of later more advanced investigation stages.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

FULLY ACCEPTED:   Through UNDP’s DRA for Kosovo, avenues to strengthen KP capacity are being assessed in connection with the wider gaps underpinning Kosovo’s current digital transition process. Through existing UNDP interventions and new initiatives, UNDP seeks to integrate digital per default, including cyber security.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Through DRA support the Kosovo’s digital transformation process while having cybersecurity as its integral part.
[Added: 2021/12/08] [Last Updated: 2021/12/23]
UNDP Programme 2022/12 Initiated History
7. Recommendation:

Ensure continuity of provision of specialised professional trainings and certification to CERTs in demand driven basis.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

FULLY ACCEPTED:  Under the DRA and wider digital portfolio process, UNDP has expanded contact and discussions with potential partners interested in collaborating in a continuation of specialised trainings in the field of cyber security.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Continue to strengthen capacities of CERT’s officials and other law enforcement officers who are dealing with cybersecurity through specialized trainings with international certification.
[Added: 2021/12/08] [Last Updated: 2022/01/12]
-KSSP Team 2021/12 Completed Specialized, certified trainings were organized for KOS-CERT and law enforcement officials dealing with cyber-security and cyber-threats. Officials have now enhanced knowledge in addressing cyber-security issues and are able to ensure a safer institutional cyber-environment. History
8. Recommendation:

Advocacy and awareness should be further enhanced, both in terms of protection from potential cyber threats, as well working with various local IT labs, to target more women to specialise on cybersecurity.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

FULLY ACCEPTED: As part of UNDP’s DRA and digital portfolio work, particular emphasis is placed on digital inclusion, including the need to target women professionals in the field of cyber security and digitalization more broadly with the aim of strengthening UNDP’s support to skills development and women in STEM.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Through digital portfolio development, identify challenges and opportunities in accelerating digital society and inclusion, while addressing digital divide through digital literacy and gendered perspectives.
[Added: 2021/12/08] [Last Updated: 2021/12/23]
-UNDP Programme unit 2023/12 Initiated History
9. Recommendation:

Engage with MEST to strengthen awareness and advocacy actions targeting schools, pupils, and students.

Management Response: [Added: 2021/09/19] [Last Updated: 2021/12/23]

PARTIALLY ACCEPTED:   Through UNDP’s work on DRA and digital portfolio, skills development is emerging as both a key enabler and barrier. This includes engagement with all relevant stakeholders including MEST, CSO, academia  but also the wider community of stakeholders providing or influencing skills training on accelerating Kosovo youth’s foundational skills in ICT and digitalization, including online threats and cyberbullying.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
UNDP Kosovo to complete a portfolio blueprint for developing a portfolio of strategic options on digital transformation
[Added: 2021/12/08] [Last Updated: 2021/12/23]
-UNDP Programme Unit, 2022/12 Initiated History
10. Recommendation:

Engage with institutions and businesses to open up and encourage ethical hacking activities in testing their cybercrime prevention capacities. Offer awards to successful hacks.

Management Response: [Added: 2021/12/23]

ACCEPTED.  While potentially sensitive, UNDP is gathering lessons on how to promote ethical hacking in support of Kosovo institutions via UNDP’s global digital network, in line with recommendations from the DRA.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Explore with key counterparts the scope for pilot testing of ethical hacking in identifying potential vulnerabilities on ICT infrastructure.
[Added: 2021/12/23]
UNDP Programme unit 2022/12 Not Initiated
11. Recommendation:

Identify Champions of Change and support their engagement in TV debates, presentations, lectures, etc.

Management Response: [Added: 2021/12/23]

FULLY ACCEPTED:   Under the DRA and wider digital portfolio process, UNDP organized in November 2021 Digital Week in close cooperation with the Ministry of Economy, through which it expanded contact with various stakeholders on how to   build inclusive, ethical and sustainable digital society.  . The role of the digital transformation  portfolio is to identify the most strategic intervention spots that accelerate Kosovo’s digital transformation and add value to existing initiatives led by government, private sector, civil society and development partners.  Digital Champions in several areas have been identified and invited for active engagement in the portfolio process while highlighting the need to work across four areas: digital landscape, digital utility, digital trust and digital economy.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Stakeholder engagement and consultations through digital portfolio to identify digital that influence actions for digital acceleration
[Added: 2021/12/23]
UNDP Programme Unit 2021/12 Completed
12. Recommendation:

Maintain demand driven approach to development of trainings, and where possible spread out trainings over time to provide more space for stakeholders to participate while being able to carry out their daily duties uninterrupted.

Management Response: [Added: 2021/12/23]

FULLY ACCEPTED:  UNDP has maintained a demand driven approach to specialized trainings which were organized based on the beneficiaries availability.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Consult with potential beneficiaries on the type and duration of the specialized trainings.
[Added: 2021/12/23]
UNDP Programme 2022/12 Initiated
13. Recommendation:

Develop a comprehensive M&E mechanism to ensure quality analysis not only on progress reporting, but also in feeding into research, policy studies, papers and publications. If resources allow, engage an additional staff covering Monitoring, Evaluation and Learning aspects of the project.

Management Response: [Added: 2021/12/23]

FULLY ACCEPTED:  Under both the digital portfolio process as well as a CPD-level Programme Dynamic Management pilot, UNDP is exploring avenues to strengthen data gathering for enhanced policy making, including in terms of MEL.

Key Actions:

Key Action Responsible DueDate Status Comments Documents
Strengthened MEL and data gathering and analysis reflected in UNDP Kosovo’s M&E practice.
[Added: 2021/12/23]
UNDP Programme unit 2022/12 Initiated

Latest Evaluations

Contact us

1 UN Plaza
DC1-20th Floor
New York, NY 10017
Tel. +1 646 781 4200
Fax. +1 646 781 4213
erc.support@undp.org