The government's decision to approve procedures for identifying, classifying, escalating, and managing cyber crises considers media management during a cyber event to be an essential element for maintaining public stability and social trust.
When managing relations with the media, institutions must consider several delicate factors, the decision states.
Cyber incidents that receive public attention are often accompanied by criticism, which can come from professionals in the field who are not directly involved in the investigation, as well as from parties who regularly cooperate with the affected entity. Another sensitive element is the identity of the attacker, who often aims for media attention and visibility, turning the attack itself into a propaganda tool. However, attribution of an attack is usually unclear and takes time, so public communication must be careful not to encourage misinterpretations.
The public, meanwhile, does not always clearly distinguish responsibilities between critical infrastructure, private or national, while the technical language of cybersecurity remains complex and often incomprehensible to different segments of society, the document states.
The main challenges of communication during the crisis
According to the decision, one of the biggest challenges remains maintaining the balance between speed and care in providing information.
While timely reporting, even when partial, helps guide public communication, unsubstantiated statements or strong assertions can prove inaccurate over time. Equally problematic is the lack of information, which in dangerous situations can generate panic and uncertainty.
In this context, the decision emphasizes, maintaining public trust in state authorities and the digital space requires transparency, comprehensive information, and demonstration of institutional capacity for crisis management.
When public notice becomes necessary
There are a number of cases where making a public announcement should be considered a priority. These include damage or attempts to damage information infrastructures that affect critical services to the public, such as transport, health, water or electricity supply, as well as disruptions of services of broad social interest.
Notification is also necessary when interconnected infrastructures are affected that endanger other service chains, when there are attempts with a wide economic effect, or events that create “noise” and a wide social impact. Special cases include damage to government symbols, attacks on financial institutions that may undermine confidence in the financial system, as well as events that directly or indirectly affect public safety and the personal well-being of individuals.
Tackling disinformation and fake news
In a cyber crisis, disinformation and fake news pose an increased risk. Countering this phenomenon requires a rapid and structured response, ranging from active monitoring of the online space and social networks to the use of command centers or existing operations structures.
According to the decision, establishing institutional authority through experts, visual materials and direct communication with the public, as well as clearly exposing fake news, are essential measures for raising awareness and promoting critical thinking in society.
Giving examples using self-deception – showing what is wrong and why to refute the claim; calling on the public to share accurate information. For example, a photo of fake news is taken and a label is added that reads “Fraud/Warning! Fake news!”). An article is written on the topic and the false information is displayed, the decision states./ekofin.al
