Cyberspace is an environment characterized by insecurity and asymmetry, posing new risks and threats to national and international security. Following its designation as national authority in the field of cyber intelligence by the Supreme Council of National Defense (CSAT), the Romanian Intelligence Service’s National Cyberint Center has endeavored to identify, prevent and counter the vulnerabilities, risks and threats to Romania’s cyber security.
Its main goal is to correlate technical defense systems with intelligence capabilities in order to identify and provide legal beneficiaries with the necessary information to prevent, contain and/or preclude the consequences of any attack against the IT&C systems that are part of critical infrastructure.
The main manifestations of cyber threats to Romania’s national security are cyber-attacks carried out by four categories of cyber criminals – states, cybercrime groups, extremist (hacktivist) groups and terrorist organizations.
In fact, the main categories of actors that are likely to generate threats to cyberspace are also enumerated in Romania’s Cyber Security Strategy:
- persons or organized crime groups exploiting the vulnerabilities of cyberspace in order to obtain material or non-material benefits;
- terrorists or extremists using cyberspace in order to carry out or coordinate terror attacks, communication and propaganda activities, recruitment and training, fundraising etc. for terrorist purposes;
- state or non-state actors that initiate or carry out activities in cyberspace for the purpose of gathering intelligence on government, military and economic policies or of posing other threats to national security.
The Romanian Intelligence Service emphasizes the importance of the efforts aimed at developing a security culture among the general public by raising awareness of the vulnerabilities, risks and threats posed by cyberspace and of the need to ensure the protection of their own IT systems.
Nowadays anybody can be targeted by cyber-attacks and the most important state institutions are usually the first victims. The weak link is still represented by the human resource, the individual in front of the computer. We don’t have to become all experts; we just need to stay informed about the need to protect our IT systems and the way we can achieve this.