BANJALUKA – Under the pretext of cybersecurity and protecting children on the internet, the Government of Republika Srpska has begun implementing a digital surveillance infrastructure over institutions, citizens, and the media, combining Russian security models, Chinese hardware and software, and Israeli training methods in this field, exclusively reveals the CAPITAL website.
According to our sources and information we have gathered, the Republika Srpska Agency for Information and Communication Technologies recently presented to selected government officials and managers the first steps toward the implementation of Chinese software, which will cost 57 million BAM taxpayers’ money.
This involves a secret contract between the RS Government and the Chinese company ELINC, which is connected to the military industry and whose software will provide security to all institutions in Srpska for ten years. This company was awarded the contract without a public tender, behind closed doors, as CAPITAL published exclusively earlier.
No journalists at this conference
At an internal meeting exclusively for selected officials of the RS Government, called the “First Mezoregional ICT Conference,” held on April 11 at the Administrative Centre in Banja Luka, details of the Republika Srpska authorities’ plan to establish control over cyberspace were revealed. At this secret conference, hidden from the media and the public, where participants were repeatedly reminded that journalists were not allowed, the project was presented as a solution for the security of institutions and citizens, with a special focus on children, but also on the media that publish “bad news.”
According to information confirmed to CAPITAL by multiple sources, the plan foresees the establishment of 15 hubs in Republika Srpska by 2027, with a data center at the Faculty of Electrical Engineering in East Sarajevo and a main support center in Kragujevac, Serbia. These hubs will connect all institutions in Srpska, combining components and software procured from China, supported by Russian systems for “capturing” cyber threats.
Personnel for this project are being trained through the “Cyber Academy,” organized in cooperation with the Israelis (media have previously reported on the training provided by the Israeli company Elta Systems).
Improving the chronically poor cybersecurity of Republika Srpska institutions is considered an “urgent issue,” despite the enormous amounts of money spent on software run by privileged IT companies that are on the U.S. blacklist. However, the announcements made at this conference resemble more the establishment of state control over the internet, like authoritarian regimes in countries such as China, Israel, and Russia, whose companies are involved in this project, rather than genuine improvements in cybersecurity.
Speakers at the conference stated that the first phase of the project began in October last year already, by designing equipment that is expected to arrive via cargo flight at the Banja Luka airport within two months.
They emphasized the “large dispersion of institutions and their ICT infrastructure, as well as the lack of human and technical capacities within those institutions.”
Poor infrastructure
This means that the information systems into which the authorities have poured hundreds of millions of convertible marks simply do not work, that the institutions are not interconnected, and that they are facing a chronic lack of trained personnel and technical resources.
“There are many institutions in Republika Srpska, but also many shortcomings and different infrastructures. The process will therefore move more slowly,” it was said at the seminar.
They believe that the accumulated problems will be resolved by purchasing the custom-made Chinese system.
“All these activities and procurements will be covered by a future legal framework,” it was announced at the seminar, indicating that the paperwork will be retroactively “adjusted.”
They state that it would be a decentralized structure that will have a national data center at the republic level, to which 15 hubs would be connected to a high level of security equipment installed within their structure.
These centers will connect institutions that cannot provide “in-house,” i.e., independent protection, and will also include those that previously paid significant amounts for such protection.
The center of this ecosystem will have several purposes: the protection of public administration and the protection of children and youth from harmful content.
“We will use a logical Russian system similar to the one used by Roskomnadzor (the Russian Federal Service for Supervision of Communications, Information Technology, and Mass Media), as well as the Chinese system. There is a high level of restriction involved, as it is assumed the users are children. Everyone must prove they are not a child. While we are still dealing with filtering content, their approach is that nothing is accessible unless you prove you are an adult and allowed to access it,” it was said at the seminar.
No more bad news
The speakers also explained that each of the 43 detected types of threats related to children has its own specifics and requires a different approach. They also mentioned the media and their reporting, and how this affects children.
“For example, when we talked about media measures and spoke with the media, we told them that bad news is harmful to children. Not fake news, forget about that, but bad news in general. It affects us negatively, let alone children. That's why we will apply Roskomnadzor's zero-tolerance policy. Zero tolerance! We told our media: ‘If we were to analyse you, none of you would pass!’ Just take any news today and read it — God help us, it makes people feel bad. Now imagine what it's like for children. We will adopt their zero tolerance for everything through our system,” said one of the speakers to the seminar attendees.
However, he added a disclaimer and noted that they cannot demand such zero tolerance from the internet provider company m:tel, as it is a commercial company that, due to European standards, cannot allow such restrictions.
It was also stated that there was an initial intention to inform the public about this project, but an order came “from above” that everything must be kept secret, so that no one could jeopardize it.
After analysing the institutions and their security levels, it was said at the seminar that the ICT representatives sent a “crazy inquiry” to the Chinese, listing all the requirements and needs, and received the most comprehensive and reliable response from them. To paraphrase, the Chinese will, for 57 million BAM from the Republika Srpska citizens, build a custom-made system that will have both state and commercial components.
The plan is for the system to provide free protection to public institutions, while others will be able to connect by purchasing protection packages, which introduces the commercial component.
Systems’ commercial component and “catching” threats
According to the speakers, the system will provide a wide range of different protection measures, and through international cooperation with partners, it will receive daily updates on detected threats.
“Russia and China have systems for ‘capturing’ threats targeting children and youth, which we have not had access to until now, but we will gain them,” it was said at the seminar.
Additionally, the speakers stated that the new system is currently hosted within the RS Government, but the “legal framework” that will enable technical access for faculties of electrical engineering and the scientific research community is expected to be finalized soon.
In a somewhat confusing segment, the speakers concluded by saying that this is a mega-investment being carried out in cooperation with Serbia, which will take them to the global market.
“This is a joint plan between us and the Government of Serbia, specifically the Office for IT of the Serbian Government. This is a mega-project and a mega-investment that must be implemented wisely. The Government of Serbia invested 500, 600, or even 700 million euros in the data center in Kragujevac. We have found a solution that is unique in the world, developed with those who are the best in the field — China Electronic Corporation (CEC), which protects China. We have seen the extent of their power and how quickly they work. We have a Western engineering style, but they are different, like aliens — they do everything quickly and efficiently. They are a hundred steps ahead of Europe,” the speakers said at the seminar.
The Chinese company ELINC is owned by China Electronic Corporation, which has been on the American “blacklist” for three years, which was also reported by CAPITAL.
We asked IKT RS for details of this project. Although they said they would try to deliver answers by 12:00 today, that did not happen, so we will publish the information from them when we receive it.
Director of Transparency International in Bosnia and Herzegovina Ivana Korajlić says that the information that the authorities will allow foreign governments to monitor our citizens is worrying.
“The question is how it will be used, who will have access to the data and whether it will be misused. If these are companies that are close to the governments of those countries, which they probably are, the question arises as to whether and why our authorities will allow foreign governments to monitor our citizens on the internet,” says Korajlić.
Referring to the ethical problem in the implementation of the contract, Korajlić says that it is right to introduce regulations and the responsibility of creators who create content for children.
“The problem is if, under the disguise of protection from malicious software, viruses and cyber-attacks, we move towards restricting access to content and sites that someone “up there” considers harmful. Cybersecurity is one thing, and restricting access to information, that they wanted for years, is quite another,” says Korajlić.