Romania Battles State Actors in Cyberspace
A nation that once was part of the Soviet bloc now finds itself on the front lines of unrest in Ukraine, territorial disputes in the Black Sea and state-sponsored attacks in cyberspace. Romania, now a stalwart member of NATO and the European Union, is playing an increasing role in cybersecurity, both regionally and internationally. It is passing a national cybersecurity law and reaching out to assist other nations, directly and indirectly, with cyber defense.
Romania is striving to become a regional cybersecurity hub, says Florin Cosmoiu, head of the Romanian Intelligence Service’s (SRI’s) National Cyberint Center. The country’s related efforts range from creating nationwide education and awareness programs to participating in multinational cybersecurity organizations and activities.
Cosmoiu declares unambiguously that state actors represent the most significant cyberthreats to Romania. Some countries include cyber attacks in their offensive arsenals, and they have built up sophisticated resources to conceal and deny their involvement. These deception efforts involve the use of other perpetrators, such as organized crime and hackers.
But cyber attacks are only one piece of the digital threat. Cyber espionage operations against Romania are rampant, and Cosmoiu notes that they are an essential part of other nations’ efforts to gain a strategic advantage. He adds that this advantage could be political, military or even economic.
Romania has faced its share of state-sponsored cyber attacks, Cosmoiu relates. These include Red October, MiniDuke and Sofacy. The National Cyberint Center, along with the SRI, investigated these attacks in cooperation with other national institutions and foreign partners. Cosmoiu reports that these investigations revealed that “hostile cyber entities” are working to gain access to national strategic networks. Their aim is to collect intelligence on national defense, foreign affairs, research and development and national resources.
Many of the threats Romania faces are similar to what other nations confront, Cosmoiu allows. For example, Romania is the target of the same cyber attackers, using the same methods, as the other members of NATO and the European Union (EU).
Romania shares cyber intelligence with those two groups and ensures all partners receive pertinent information. “Since the cyberthreat is asymmetric and borderless, it is clear that a fragmented approach is inefficient,” Cosmoiu observes. Romania also employs the Malware Information Sharing Platform (MISP), which NATO member countries use to exchange information vital to reacting to and mitigating attacks, he adds.
Romania’s increased role in NATO cybersecurity activities includes providing specialized expertise to Ukraine to help that country defend itself against cyber attacks. Cosmoiu explains that Romania also has developed several cybersecurity projects in the context of its NATO membership.
One, the Multinational Cyber Defense Capability Development (MN CD2) initiative, will facilitate the creation of national cyber capabilities to help countries better prepare for, prevent, detect, respond to and recover from major cyber attacks. Romania’s work with MISP will have a hand in enhancing information sharing between contributing members as well as maintaining and expanding their technical capabilities. Romania also is involved with the Multinational Cyber Defense Education and Training (MN CD E&T) project to develop cyber education and training capabilities. The country aims to meet allies’ needs and gaps with an eye toward a common view, collaboration and interoperability, Cosmoiu says. Romania takes part in annual coalition cyber exercises as well, he adds.
Most of Romania’s cybersecurity activities differ little from those of other NATO and EU nations, Cosmoiu says. This enables greater cyber cooperation among the country’s allies, he notes, adding, “Usually, partners with similar needs employ similar methods that have to be within legal boundaries.”
While cyberspace is global, regional events heavily influence what occurs in the borderless domain. Cosmoiu continues that the unrest in Ukraine and Crimea have had “consequences to Romania’s security.” Romanian organizations have been working hard to minimize these consequences and keep the situation under control by anticipating and dealing with risks, he says. In the cyber realm, consequences are different from those of other domains. Cyber actions are more subtle and obfuscated, Cosmoiu points out, and this requires greater attention. Romanian officials are not looking in different places for threats so much as keeping their eyes open wider. “This has made us more attentive and careful than before,” he says.
The country’s security efforts are diffuse. A key characteristic of Romania’s cybersecurity architecture is that it is not centralized, Cosmoiu explains. Instead, it is spread across a range of government organizations. The SRI is the designated overall national cyber intelligence authority. Many agencies and ministries are active contributors to these cybersecurity efforts, Cosmoiu says, noting that more than eight institutions are heavily involved.
His hope is that this activity will be buttressed by a new national cybersecurity law. The country has been working to establish this law for some time. The most recent version, which would place greater emphasis on protection of cyber infrastructure, has been updated and redrafted in accordance with amendments attached by Romania’s Constitutional Court. Following public debate, the proposed law is being analyzed in the Romanian Parliament as part of its legal approval process, Cosmoiu states.
One of the most important points of the new law is that the owner of a cyber infrastructure would be more responsible for its protection. For example, owners would have to take necessary security measures to protect their infrastructure elements. This would help provide a big improvement in cybersecurity nationwide, Cosmoiu suggests. The law, which he is optimistic will take effect this year, also would mandate that critical infrastructure owners notify Romanian government authorities of any cyber incidents. Most elements of the country’s critical infrastructure are privately owned and operated, although some parts are in public institutions.
Cosmoiu says he believes that Romania is well-positioned to be a vital player in Free World cybersecurity. He claims the country has one of the world’s best cybersecurity companies in Bitdefender, and it has many outstanding startups, citing Binarly as one of them. “We are creating the premises to become one of the most relevant countries in the cyber ecosystem,” Cosmoiu maintains.