Two cyber weeks in Romania

The last two weeks were a solid test to our national-level cybersecurity capabilities and resilience:

• One cyberattack against the House of Deputies (the Romanian Parliament)
• One against our national healthcare sector and its IT&C supply chain

It is a fact that we can successfully stand against (at least) one major cyberattack per week, and that the public-private cyber national ecosystem can deliver, even in a near cyber-crisis situation.

For whoever works in the profession, enough said that DNSC decided to neither escalate, nor activate the EU-CyCLONe mechanism. Because we handled it …

On the Directorate’s side, I and the core members of my technical and communication teams were in a real life, real world, no-errors-allowed situation. Living about two weeks on coffee and energy drinks in DNSC’s virtual and on-premises war rooms is quite a hardening experience for any cyber professional.

I am also particularly pleased that it is now proven you can manage major cyber incidents with teams that work remotely and use technology to liaise, communicate and respond. The physical presence of everyone in one room is just obsolete, backwards thinking and no longer the best way to work and deliver for cyber professionals.

Folks, a professional team is not using paper folders and rubber stamps during a cyber crisis, but laptops and encryption, threat intel datafeeds, and video links across the country and the world, and is shooting out scripts, instructions, IOCs and Yara rules. We are living in the XXI century, not in the XIX, please...

I conclude that DNSC has succeeded in proving its capability to activate, coordinate with and work together with both victims of cyberattacks and key government and private actors involved in addressing them.

And we proved it during two very busy weeks while we simultaneously:

• Delivered a 1-day hybrid workshop with 100+ healthcare decision makers, IT&C and cyber experts, just 2 days after the cyberattack on hospitals
• Delivered a 1-day cyber risk management workshop in Constanta, with the key players of maritime and Danube transport industry
• Managed to be on-site in Chisinau, Republic of Moldova for supporting our brothers for the launch of their national Cyber Security Agency
• Had a team on-site in Kyiv, Ukraine (please do not ask for any details)
• Got on the 4th place (DNSC + Nuclearelectrica) in the European cyber exercise for energy sector, held in Warsaw, Poland
• Briefed on-site at DNSC several representatives of foreign Embassies to Bucharest
• Submitted 5 new grant applications for projects aimed to build more cyber capabilities at national level, and prepared 12 others
• Supported the successful launch of the Romanian Chapter of Women for Cyber W4C, with an online gathering of cyber ladies
• Monitored over half-million distinct and relevant cyber events and a couple of thousands of incidents
• Had over 25 mainstream media interventions on the topic of the two cyberattacks or cybersecurity, in general

And I can fill in several more pages here …

Concerning the aftermath of two cyberattacks, we still (collectively) have plenty of work ahead of us for running a thorough post-mortem incident analysis, working on digital forensics, drawing the lessons, and activating additional appropriate countermeasures that shall better protect the victims.

I am pleased and proud that Romania is fulfilling (especially during these two incidents) its pledge to fight and counter ransomware by denying attackers’ acces to financing their malicious activities or getting any fame or credit from their criminal activities. Simply put, we do not pay any cyber ransom and we do not negotiate on this topic!

Offers of support were made by our international allies and partners, and I am grateful for each and every single one of these. But, in the very first place, Romania had to test and trust its own capabilities and willingness to address, contain, deter and respond to such cyberattacks.

On a different note, I want to especially praise the valuable support and work of both national and international media, during these two weeks, concerning the said cyberattacks. I cannot hide that I am happy about the recognition we received from media for a transparent best in class cyber communication handling.

In an era of fake news, deep-fakes, and hostile propaganda, with a real hybrid war going on at Romania’s borders, most media representatives have shown remarkable interests, commitment, and professionalism.

Journalists and influencers were instrumental in presenting facts, in informing the citizens and in supporting the overall efforts to keep everyone updated on the evolution of the attacks.

I must acknowledge that without this support it would have been difficult to convey the key DNSC instructions and messages at the right moments and with the strongest impact. Thank you!

Trolls and pseudo cyber experts were there too, “helping” as usual, but they miserably failed in whatever they attempted to disturb, divert, or deny. No one’s loss…

To the rest of us, Godspeed!!!

Dan Cimpean

The Director of the Romanian National Cyber Security Directorate

#Romania #cybersecurity #cyber #infosec #infosecurity #resilience #cyberattack #security #hospitals #healthcare #parliament #communication #crisismanagement #DNSC The Romanian National Cyber Security Directorate