Two cyber weeks in Romania

The last two weeks were a solid test to our national-level cybersecurity capabilities and resilience: One cyberattack against the House of Deputies (the Romanian Parliament) and One against our national healthcare sector and its IT&C supply chain. It is a fact that we can successfully stand against (at least) one major cyberattack per week, and that the public-private cyber national ecosystem can deliver, even in a near cyber-crisis situation.

an article written by Dan Cimpean – The Director of Romanian National Cyber Security Directorate

For whoever works in the profession, enough said that DNSC decided to neither escalate, nor activate the EU-CyCLONe mechanism. Because we handled it …

On the Directorate’s side, I and the core members of my technical and communication teams were in a real life, real world, no-errors-allowed situation. Living about two weeks on coffee and energy drinks in DNSC’s virtual and on-premises war rooms is quite a hardening experience for any cyber professional.

I am also particularly pleased that it is now proven you can manage major cyber incidents with teams that work remotely and use technology to liaise, communicate and respond. The physical presence of everyone in one room is just obsolete, backwards thinking and no longer the best way to work and deliver for cyber professionals.

Folks, a professional team is not using paper folders and rubber stamps during a cyber crisis, but laptops and encryption, threat intel datafeeds, and video links across the country and the world, and is shooting out scripts, instructions, IOCs and Yara rules. We are living in the XXI century, not in the XIX, please…

I conclude that DNSC has succeeded in proving its capability to activate, coordinate with and work together with both victims of cyberattacks and key government and private actors involved in addressing them.

Concerning the aftermath of two cyberattacks, we still (collectively) have plenty of work ahead of us for running a thorough post-mortem incident analysis, working on digital forensics, drawing the lessons, and activating additional appropriate countermeasures that shall better protect the victims.

I am pleased and proud that Romania is fulfilling (especially during these two incidents) its pledge to fight and counter ransomware by denying attackers’ acces to financing their malicious activities or getting any fame or credit from their criminal activities. Simply put, we do not pay any cyber ransom and we do not negotiate on this topic!

Offers of support were made by our international allies and partners, and I am grateful for each and every single one of these. But, in the very first place, Romania had to test and trust its own capabilities and willingness to address, contain, deter and respond to such cyberattacks.

More details here