The lack of experts in the field of cyber security is a global problem and Montenegro also faces it, especially when it comes to state institutions that are not attractive enough for these experts. In order to attract and retain them, the state would have to offer conditions that are significantly above average. Otherwise, many will opt for more lucrative opportunities abroad, private companies or the banking sector...
This, among other things, he said in an interview with "Vijesti". Aleksandar Matovic, who received his doctorate from the University of Luxembourg on the topic of cyber security.
Matović completed primary and secondary school in Nikšić, basic studies at the Faculty of Information Technology (FIT) of the Mediterranean University, and then, through the Erasmus+ program, enrolled in a master's degree at Mälardalen University in Sweden, which, it seems, was also a turning point for him:
"Before I decided on the academic path, I was primarily focused on working in industry, believing that academia and industry are two separate worlds. However, it was in Sweden that I realized that the two domains can be closely related."
During his master's studies in Sweden, Matović worked on his master's thesis in cooperation with the company "ABB", one of the global leaders in automation and robotics technology, where he first encountered research in the field of cyber security, which further strengthened his interest in this field. area:
"That was the first time I met and learned about the concept of an industrial doctorate, I got an insight into how it is possible to work in a company and engage in scientific research in parallel, and how this synergy enables the application of academic knowledge in solving specific industrial challenges."
The experience in Sweden, he says, permanently changed his view of professional development and he realized that he wanted to continue his academic training in the field of cyber security.
Opportunities are limited in Montenegro
Montenegro, he adds, in the field of cyber security, like other countries in the region, but also some more developed EU countries, offers limited opportunities for advancement, which is why he chose Luxembourg.
"The similarities between Montenegro and Luxembourg mostly stop at the number of inhabitants. Although both countries have similar populations, Luxembourg has a GDP that is 13 to 15 times that of Montenegro, with the highest GDP per capita in the world. As a financial center with more than 200 financial institutions, Luxembourg has become one of the major global players in the fields of finance and technology. Their investments in research and development, especially in cyber security, far exceed what is possible in Montenegro," says Matović.
Illustrating Luxembourg's vision and commitment to innovation, he said that Luxembourg is among the leading European players when it comes to investing in the space sector, and that the country's strategy is to become a leader in the field of space resources and commercial exploitation of space.
He was criticized for his computer, now it's his way
Interest in cyber security, he says, began with an "idealized and almost romantic view of this area."
"Growing up under the influence of movies, I created a distorted image of cyber security as something full of quick, almost magical solutions, where hackers master the most complex systems in a few seconds. Over time, you realize that reality looks completely different - and that there are no instant solutions. Through constant work and learning, it becomes clear how important it is to have a thorough understanding of computer system architecture, operating systems, and programming, among other things," he said.
He also says that in the beginning, when his parents bought his first computer, they criticized him for excessive computer use, but that they quickly recognized his passion for technology and supported him.
"That laid the foundation for my future path, and the computer became a tool for learning and research."
Scientific work: Systems to recognize risks
The interlocutor of "Vijesti" says that the development of cyber security is crucial for the protection of critical infrastructure, such as power grids, health systems and transport networks...
"The collapse of these systems can cause serious consequences, including the interruption of basic services, large economic losses, and even endangering human lives," he said and added that the focus of the research group, of which he is a part, is improving the resistance of these systems to an increasing number of technological and cyber threats, to ensure their continuity and reduce the risks of such domino effects.
"The whole point of protecting critical infrastructure is that these systems must be continuously operational, regardless of potential errors or attacks. Errors and attacks must be tolerated in such a way that, even if a certain module in the system is compromised or stops functioning due to random errors or sophisticated cyber attacks, the system as a whole continues to work... The goal of my research is to develop methods that reduce traditional data and process replication costs, making these systems more efficient and flexible in dealing with dynamic threats," he explains.
As he said, in the modern world, where threats are increasingly sophisticated and unpredictable, it is crucial that systems not only recognize dangers, but also dynamically adapt to remain functional.
"I work to develop technologies that allow these systems to automatically recognize changes, react quickly and adapt their work to minimize risks and ensure continuity."
From the beginning, Aleksandar Matović's research has been focused on solving practical problems from industry, so his doctorate is also focused on practical solutions and, as far as his possibilities allowed, he spent a large part of his time developing prototypes.
"On the Day of partnership with industry and my interdisciplinary center, where I am employed within the University of Luxembourg, I had the opportunity to present several years of work through our case study based on the 'inverted pendulum'. This study shows how the system can remain functional even when control tasks fail. Inspired by control theory, we developed a solution that allows the system to tolerate errors for a certain period of time before it becomes necessary to react. It's similar to balancing a broom in your hand - even though the broom doesn't fall immediately, the system has some time to 'think' about the next step, allowing for more flexible and robust control," he explains.
The demonstration, adds Matović, showed how errors caused by cyber attacks can be controlled with fewer resources.
“For example, instead of five control tasks, the system is effectively stabilized with only three, which allows for a faster response to an attack and a reduction in required resources. This contribution would enable the construction of cheaper but equally resilient systems, which would have an impact on industries that rely on automated operations, such as aviation and manufacturing. The point of this solution was to demonstrate how, even when cyber-attacks or accidental errors occur, the system still remains stable and operates with fewer resources than initially required," he said.
Matović was also part of the ADMORPH project, one of the Horizon 2020 projects of the EU initiative, whose budget was over 80 billion euros for research and innovation. The project, it was explained, dealt with the development of robust and adaptive fault-tolerant systems, with the aim of demonstrating how systems can remain stable, even in the event of a cyber attack.
Attack 2022 "opened eyes"
When asked how he assesses Montenegro's readiness to fight cyber challenges and what the state should improve when it comes to cyber security, he says that the cyber attack on the IT infrastructure of the Government of Montenegro in August 2022 showed how important a serious approach is. year. At that time, numerous government services were unavailable, internally and externally...
"Although Montenegro has not yet reached the digitization level of many more developed countries, where such an attack could lead to a complete collapse, this incident clearly indicated the vulnerability of existing systems and the necessity of their improvement. It often happens that only when disasters happen, we become aware of the importance of preventive measures. Although the consequences of the attack were painful in the short term, I believe that it will have a positive effect in the long term, as it encouraged greater attention to the protection of critical infrastructure and better preparation for future threats," says Matović.
The state should offer above-average conditions
After a recent meeting with the Minister of Public Administration Maraš Dukaj, the Dušan Polović, from the Directorate for Information Security at the Ministry of Justice, the interlocutor of "Vijesti" gave the impression that things "started to change, especially after the cyber attack in August 2022".
"It is clear that it will be necessary to ensure stronger legal support and alignment with EU regulations, especially through the planned establishment of the Agency for Cyber Security, which is foreseen by the new Draft Law on Information Security and alignment with the NIS 2 Directive," he said.
Speaking about the challenges, he said that, in addition to the establishment of adequate legal frameworks, one of the biggest challenges is the lack of experts in the field of cyber security.
“What is a global problem. Estimates vary, but it is thought that there is currently a shortage of around four million professionals worldwide. An additional problem is that work in state institutions is not attractive enough for these experts. In order for the state to succeed in attracting and retaining such personnel, it will be necessary to offer conditions that are significantly above average. Otherwise, many will opt for more lucrative opportunities abroad, in private companies or the banking sector, where the working conditions are far more favorable," he said.
A future with even more challenges
Speaking about today's cyber challenges, Matović said that these are increasingly sophisticated attacks such as ransomware, phishing, identity theft, as well as attacks on critical infrastructure.
"Individuals are often the target of identity theft and fraud through e-mails and social networks, while organizations must solve serious challenges in protecting sensitive data, integrity of networks and systems, preventing data leaks and ensuring business continuity in the event of an attack," he said.
In this sense, he added, his research is primarily focused on the protection of complex systems and critical infrastructure, such as energy networks and industrial control systems, which are the foundation of modern society.
"Because these systems are critical to day-to-day operations, their ability to continue operating despite cyberattacks is essential to prevent potentially catastrophic consequences," he said.
He also adds that cyber security will become even more complex and challenging in the future, especially with the advancement of technologies such as artificial intelligence and deepfakes.
"Attack vectors are constantly increasing, and this trend is estimated to grow as systems become more and more interconnected. These technologies will allow attackers to create more sophisticated and difficult to identify attacks, which will make it more difficult to protect data and infrastructure. For example, deepfake technologies can seriously threaten identity and increase the spread of disinformation, while attacks supported by artificial intelligence can become faster and more precise," he said, adding that Montenegro will have to invest significantly more in the development of experts in the field of cyber security in order to be competitive and credible EU member in the future.
"Investment in education, research and professional development in that area is essential. It is necessary to build a strong institutional framework and support programs that will keep talent in the country... None of this comes overnight, it takes time and continuous efforts to achieve stability and security.”
"I plan to return home"
After receiving his doctorate, Matović received a new contract, so he will continue his work at the University of Luxembourg as a postdoctoral researcher. His interests, he says, are not limited to the academic sphere, but he is also attracted by opportunities in industry, especially entrepreneurship, and he would like to contribute to the strengthening of cooperation between Luxembourg and Montenegro.
"I plan to return home after further training. Although in my profession it is not crucial where I live, I want to come back when I feel that I have gained enough knowledge and experience to apply them in Montenegro, and at the same time maintain active ties abroad. At least today it seems to me that it is a good plan for the future."
A strong password, up-to-date software, critical thinking...
A cyber security expert said that the most important advice for protection in the online space is constant education and raising awareness of potential threats.
“Individuals need to be aware of risks such as phishing and fraudulent websites in order to recognize and avoid attacks. Using strong, unique passwords and two-factor authentication (2FA) are key measures that significantly increase security," he said.
Regular software updates are essential, and it is important to avoid unverified links and attachments, and to use antivirus programs to further protect your devices.
“Recently, I saw firsthand how sophisticated social engineering attacks have become. Social engineering involves manipulating users to get attackers to voluntarily hand over confidential information, and these attacks have become so creative that they can be considered an art form. After ordering a product from a very popular e-shopping service, I received an email a few days later, just when I expected the package to arrive at my address. The email looked completely legitimate, informing me that my package had arrived in the country and was in customs. Although everything seemed credible, clicking on the link would redirect me to a fake website designed to collect my data," he said, adding that this example shows how far attackers go in creating convincing scenarios, which often results in data misuse.
In addition to technical measures, Matović adds, it is important to develop critical thinking when interacting with digital channels.
"Before you click on a link or open an attachment, you should always check the source and think about the authenticity of the message. Additionally, backing up data enables rapid recovery in the event of an attack, ensuring data availability even if the system is compromised.”
Bonus video: