Fejléc

Building Cyber Resilience Without Borders and the help of AI

Szerző ikon Predrag Puharic

Dátum ikon 2025.09.04

Most countries rely on national CERTs and cybersecurity laws to protect their digital infrastructure. Bosnia and Herzegovina, however, has neither, leaving sensitive sectors exposed.
In this gap, the Cybersecurity Excellence Centre (CSEC) has stepped in as a community-driven initiative. By using open-source tools, academic ties, and public trust, it shows how resilience can be built from the ground up.

A Country Without a National Safety Net

Bosnia and Herzegovina is still the only nation without a national CERT or cybersecurity law, leaving health, banking, and other digital services unprotected. To fill this gap, the Cybersecurity Excellence Centre (CSEC) emerged as a community-based initiative, rooted in academia and civil society, and free from political ties.

Grassroots Innovation on Limited Resources

Despite having fewer than ten staff, CSEC has introduced tools that significantly improve visibility of cyber threats.

  • Public vulnerability trackers.
  • Cooperation with the Shadow Server Foundation.
  • DecoyNet—a low-cost honeypot network running on Raspberry Pi devices.

From Response to Anticipation with AI

CSEC currently reacts to incidents, but its ambition is predictive defense. By applying AI to detect anomalies, classify incidents, and forecast attacks, the team aims to prevent breaches before they occur. The lack of datasets, expertise, and ethical frameworks, however, remains a major challenge.


Strength in Regional and Global Cooperation

To bridge its limitations, CSEC works with universities, EU projects, and global partners. These collaborations have already led to Bosnia’s first parliamentary initiative toward establishing a national cybersecurity agency.

Lessons for Other Nations

Bosnia’s example shows that even without government-led structures, cyber resilience can grow from the ground up.

  • Civil society can fill the gap when governments fall short.
  • Open-source tools and trust can make up for limited funding.
  • Predictive security is not just about tools, but about collaboration, ethics, and local context.
  • AI should support experts, not replace them, ensuring accountability in small teams.

Read the full article on our International subsidiary’s website by clicking on the logo: