An Suggested Policy Memo for Improving the Cybersecurity by Romania’s National Cyber Security Directorate

By Anirudh Ramakrishna Phadke

TO: Directorate National De Securitate Cibernetica, Romania¹

FROM: The National Security Advisor

RE: Our policy on countering recent cyberattacks (2022) and improving Romania’s Cybersecurity.

Objectives

• To strengthen the organisation’s agenda and increase the size of its employees to smoothen the decentralisation of workload. Formulate a policy oriented cyber strategy to develop on course of this newly formed organisation.²
• Construct an excellent cyber defence as well as offensive capabilities.
• To prevent another, cyberattack on Romania’s critical infrastructure related to government, military, national banks, mass media websites, and other essential elements of interests connecting with cyber realm.

Background

On April 26, 2022, Romania’s high-profile delegations like Prime Minister Nicolae Ciuca, Minister of Foreign Affairs Bogdan Aurescu, and the President of the Chamber of Deputies of Romania Marcel Ciolacu visited Ukraine’s capital city Kyiv to meet Ukrainian President Zelenskyy, Prime Minister Denys Shmyhal, and the President of Rada, Ruslan Stefanchuk. The high-profile meeting ended up in Romania’s dedicated support towards Ukraine and its aspirations for European integration, as well as helping the war-torn country in its reconstruction phase.

Furthermore, Romania’s President of the Senate Florin Citu visited Ukraine by himself the very next day after which he stated that Bucharest will support Ukraine more than any other country including by supplying military coordination and equipment.

These two high delegation meetings resulted in publishing a statement by the Russian President Putin stating that Russia strongly condemns US backed up countries supporting Ukraine. Further the statement conveyed those outside countries making intervention in current Russia’s invasion of Ukraine is creating strategic threats for Russia and retaliation towards those countries will be only by use of force.

On April 29, 2022, pro-Kremlin hacking group called Killnet, launched a series of cyberattacks on various critical infrastructures belonging to Romania, which lasted till 1 May. The two-day series of multiple DDoS attacks resulted in damage of cyber infrastructures of Romanian government, military, national banks, and news publication outlets. Further the websites of the Ministry of National Defence (MApN), the Romanian Border Police, and of state railway were taken down as a retaliation to Romania-Ukraine high delegation meetings. The state railway had to adopt alternate means of issuing train tickets digitally.

The Killnet group eventually took down the website belonging to Romania’s National Cybersecurity Directorate (DNSC) and Romanian Police. The hacking spree by Killnet further resulted in demolition of websites and users’ data belonging to seven Romanian airports including the one located at its capital Bucharest.

The following options with the pros and cons for each have been developed by the office of National Security Advisor to facilitate strengthening of our country’s cyber capabilities and prevent future cyberattacks on Romanian soil.

Option One: Strengthen DNSC in all possible aspects

Since DNSC is a newly formed organisation to replace its predecessor the Romanian National Cyber Security Incident Response Team (CERT-RO), the organisation must shape its agenda in a crystal-clear notion. Unlike the predecessor, DNSC must widen its area of focus and responsibility by adopting to the ever-changing landscape of advancing technology. The directorate should know the disadvantages of its predecessor whereby their outdated structure and least effective modus operandi were some of the causes for its closure. The directorate must aim to create an agenda matching the current trends and developments in cyberspace.

It has been reported that the directorate will aim to become a competent authority at the national level as a civilian based cybersecurity organisation. Additional amendments such as collaboration with other government agencies like Presidential Administration, several ministries including foreign affairs, national defence, internal affairs, and intelligence agencies to further strengthen the objectives of the DNSC. Collaborations with these agencies will unlock the cross-cultural work abilities as well as sharing of data and enhanced cooperation.

It has also been reported that DNSC currently has employees’ size ranging between 51 to 200.³ Romania lost nearly $3 million in 2019 due to cyberattacks, which is reported to increase over coming years. Also, for an organisation established at the national level to deal with cybersecurity for country, then workforce becomes a principal element. DNSC should increase its employee size ranging between 500 to 700 people for smoothening the workload given due to the nature of organisation.

Our country having the second highest defence spending in Europe, proper………

Read the full article from our recent publications

References and Endnotes

1. FYI in English: National Cybersecurity Directorate, Romania
2. FYI: The National Cybersecurity Directorate is a newly formed government organisation on 24 September 2021, that is responsible for cyber security at national level for Romania. Abbreviated as DNSC, the organisation replaced CERT-RO.
3. National Cyber Security Directorate, LinkedIn.

Views and opinions expressed in this article are those of the author. This article was originally published by the author in his book titled “Research Papers on Defence & Strategic Studies Vol. 2”. Image credit, click here.

About the Author

Anirudh Phadke is the Founder/Editor of The Viyug. He holds a Master of Science (Strategic Studies) and certificate in Terrorism Studies from S. Rajaratnam School of International Studies (RSIS) at Nanyang Technological University (NTU), Singapore. He can be reached out via email at anirudh.r.phadke@viyug.com.

Share this article with your friends and colleagues on Twitter

Read this article titled “An Suggested Policy Memo for Improving the Cybersecurity by Romania’s National Cyber Security Directorate”.

Tweet

Follow us on Social

• Twitter
• Twitter
• Amazon
• LinkedIn
• Mail
• YouTube
• Spotify