Cybersecurity Strategy 2025–2028 of the Republic of North Macedonia

October 2024

View the original document

Strategies and Action Plans

Author: Ministry of Digital Transformation

The Cybersecurity Strategy 2025–2028 is positioned as a core pillar of North Macedonia’s national security, digital transformation, and societal resilience. It builds upon the previous 2018–2022 strategy and addresses the increasing frequency and severity of cyberattacks, especially those targeting critical infrastructure such as energy, finance, and health.

This strategy aligns closely with other national policies and plans, including:

  • The National Development Strategy 2024–2044
  • The Smart Specialisation Strategy 2024–2027
  • The Hybrid Threats Resilience Strategy 2021–2025
  • and Government strategic priorities for 2024–2028

It reflects both a national need and international alignment, particularly with EU directives (NIS2, Cybersecurity Act), ITU guidance, and ENISA tools.

Vision and principles

Vision:
‘Creating a safe digital future through cybersecurity that fosters the digital transformation process in the Republic of North Macedonia.’

Core principles:

  1. Cybersecurity is everyone’s responsibility
  2. Coordination and cooperation at national and international levels
  3. Security-by-design
  4. Risk-based cybersecurity
  5. A holistic approach that integrates technology, processes, and people

Strategic priorities and goals

The strategy is built around five priority areas, each with general and specific objectives.

1. Strong national cybersecurity capacities

  • General goal: Resilient and secure national cyberspace
  • Specific goals:
    • Robust cybersecurity governance structure
    • Establishment of a Cybersecurity Sector within the Ministry of Digital Transformation (MDT)
    • Increased capacity for defensive cyber operations

2. Security and resilience of critical entities, networks, and ICT systems

  • General goal: Secure, trusted, and resilient digital infrastructure
  • Specific goals:
    • Improved risk and threat management
    • Resilient, essential and important entities
    • Better national network security
    • Recommendations for secure technologies in society
    • Public-private partnerships for cyber resilience

3. Cyber threat-resilient society

  • General goal: Aware and prepared population
  • Specific goals:
    • Raise awareness about cybersecurity and counter disinformation
    • Protect children and youth online

4. Minimisation of the impact of cyber incidents

  • General goal: Timely and coordinated response to cyber incidents and crises
  • Specific goals:
    • Timely identification, reporting, and response to significant cyber incidents
    • Response to widespread incidents and crises
    • Combating cybercrime

5. National and international cooperation

  • General goal: Strengthen national capacities and build trust in cyberspace
  • Specific goals:
    • Enhance collaboration at national, regional, and international levels
    • Promote responsible state behaviour and trust-building measures

Implementation, monitoring, and funding

The strategy includes a detailed action plan, a monitoring and evaluation framework, and a risk management component. Key features include:

  • An indicative budget for each activity
  • Designated leading institutions and stakeholders
  • A central role for the Ministry of Digital Transformation (MDT) in coordination
  • Use of donor funding where possible
  • Performance indicators and targets for all strategic objectives

Identified weaknesses and recommendations

challenges:

  • Lack of trained cyber professionals
  • Weak national coordination
  • Incomplete legal framework
  • Poor incident response readiness
  • Limited technical and human capacity in institutions

Recommendations:

  • Develop national education and career development programs for cybersecurity
  • Build and network CSIRTs across sectors
  • Run public awareness campaigns
  • Strengthen laws aligned with EU standards
  • Enhance international cooperation, especially with NATO and EU

Notable structures and tools

  • National Cybersecurity Council and integration with the Digital Transformation Council
  • Establishment of MKD-CIRT as the national CSIRT (needs expansion and support)
  • Institutional split of the former Ministry of Information Society into MDT and a separate Ministry for Public Administration (June 2024)