The last few years have brought incredible leaps in technology, all fields seeing new and impressive heights that could only be imagined twenty years ago. But the rapid developments in technology came with greater risks in terms of cybersecurity. Romania plays an important role in terms of resources and capabilities in the cybersecurity field and makes ensuring a safe cyberspace a top priority for the country.
For these reasons, Bucharest has been chosen to host the European Cybersecurity Competence Centre, cementing its role as a cybersecurity hotspot. Given the technological developments and challenges and the need to ensure the safety of cyberspace, a new, updated Cybersecurity Strategy for 2022 - 2027 (Strategy) was needed. The Strategy and its implementation Action Plan were adopted in December 2021.
A New Vision for Cybersecurity
The Strategy envisions several focus points that are of utmost importance in the current cybersecurity climate. These include the promotion of an up-to-date vision meant to help the whole of society, including authorities, public administration institutions, private entities, academia, and citizens, while also fulfilling national security objectives and commitments assumed within NATO and the European Union. The Strategy aims to create the necessary premises for the development of the business environment, the national economy, and the educational and research area. These actions are meant to counteract threats arising from various sources, such as entities associated with state agents, cybercrime groups, or ideological groups.
Strategy Goals
The Strategy foresees several steps leading to five goals aimed at ensuring cybersecurity. These cover the entire spectrum connected to cybersecurity, starting from the very root of the problem.
The safety and resilience of networks and systems is the first goal, only being achieved by implementing both policies and measures aimed toward increased cybersecurity and working towards the improvement of national capabilities for tackling threats. Financial, technological, and human resources will be provided for reaching such a goal. However, no improvement and no step towards the proper security of cyberspace can be achieved without a proper legislative framework. As technology is one of the fastest evolving fields, the Romanian legislative framework cannot afford to fall one step behind. A fluid and modern framework must be backed up by institutional cooperation, especially with the emergence of new institutions. A proper institutional framework would include cementing the purpose of the Operative Council for Cybersecurity as well as safeguarding the activity of the newly created National Directorate for Cybersecurity.
Additionally, strengthening the partnership between the public and private sectors is of the utmost importance. The need for programs to raise awareness and educate citizens on the importance of cybersecurity is stringent, and such information must become common knowledge. Furthermore, consolidating the knowledge and preparation of those directly working in the field of cybersecurity and broadening their competences is vital. Lastly, the entire cybersecurity industry needs a refresh. Thus, investing in development, research, and innovation could provide for additional opportunities, for talents to remain within the country, and for generally better cybersecurity. Converting a reactive fight for cybersecurity into a proactive one is another goal of the Strategy. Preventing cyberattacks altogether is much easier than having to do damage control. This can be achieved by developing national computer emergency response teams as well as security operations centers, in both the public and private sectors.
Lastly, being part of international organizations plays a key role in the Strategy, Romania’s position within various international organizations offering a great number of opportunities. Establishing common strategies, increasing state collaborations, furthering the cybersecurity policies promoted by NATO, exchanging best practices, and expanding the role that cyber diplomacy plays are all key ingredients.
A Collective Challenge
As the Strategy was set as a milestone of the National Recovery and Resilience Plan, adopting it was of the utmost importance for Romania. Following the principles and goals set within will, however, prove to be a challenge. In the context of technological evolution, the Strategy represents more than a plan on paper, but its aim must be squarely on bringing together authorities, institutions, academia, and the private sector in a concerted effort to ensure a safe and secure cyberspace in Romania.
By Cristina Cretu, Co-Head of TMT and Data Protection, and Sonia Benga, Associate, MPR Partners
This Article was originally published in Issue 9.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.