Romania, as an important transit link for Azerbaijani oil and gas supplies to Europe, has been paying increased attention to energy infrastructure sustainability issues in recent years. The development of digital technologies and the growing interconnectedness of energy systems enhance the importance of cybersecurity as one of the key factors in the reliability of cross-border supplies.
Dan Cimpean, Director of the Romanian National Cybersecurity Directorate, spoke in an interview with Report about current cybersecurity challenges, national priorities and institutional interaction practices, as well as possible directions for international cooperation.
Report presents the interview:
- What challenges did Romania face in recent years, given its role as an important energy transit hub?
- The energy sector is certainly one of the most critical for Romania. From a cybersecurity perspective, we note that the two largest incidents in the last three years occurred specifically in the energy sector: one in the oil and gas sector, the other in the electricity sector. At the same time, we observe a clear convergence of cyber incidents and cyberattacks with various hybrid forms of influence, including attempts at sabotage, foreign interference, manipulation, and disinformation.
Such attacks are rarely isolated and increasingly become part of complex operations. That is why we pay special attention to all current threats and incidents affecting the energy ecosystem in a broad sense - from extraction and transportation to management and distribution. Based on the technical data available to the Romanian Cybersecurity Authority, I can say that in most such cases, we are dealing with actors who are encouraged, sponsored, or managed by the Russian Federation. These structures deliberately attack Romania's national cyber infrastructure, especially when it comes to the energy sector, as one of the most sensitive and strategically significant.
- How is Romania developing integrated protection strategies that cover both physical and cyber threats to critical energy infrastructure? What lessons from your experience might be useful for protecting multinational pipeline systems?
- First of all, I would note that we have had an updated national cybersecurity strategy for several years, which pays special attention to the energy sector, as well as transport and a number of other industries, and emphasizes interdependence, how much our energy infrastructure and energy supplies depend on countries in the region, as well as on key partners, business partners, allies and friends.
From this point of view, it is absolutely clear that we must approach this comprehensively. We need to develop common incident response capabilities together with other countries. And we also need to pay great attention to sharing intelligence about threats, both technical and non-technical. This, in my opinion, is the only way to increase the resilience of the sector, strengthen resilience between countries, and successfully counter major cyber attacks, which, especially in the energy sector, tend to be cross-border or at least regional in nature.
- You mentioned the region. Romania faces unique cybersecurity challenges given its position on the Black Sea and proximity to ongoing conflicts, if thinking about Russia and Ukraine. What cyber threat patterns do you observe in the region, and how relevant might they be for countries like Azerbaijan, given similar geopolitical conditions?
- The fact is that the aggressive war against Ukraine has side effects in cyberspace, and it's important to note that the techniques, tactics, and protocols used by attackers, groups involved in cyberspace operations directly related to this war, have significantly evolved over the past two to three years. And this causes serious concern for all countries in the region. In particular, we note that in Romania, any political event, any political statement, any major governmental, regulatory, or national initiative is immediately followed by a wave of cyber attacks, most of which have political motivation or are related to the war between Ukraine and Russia.
These kinds of attacks have a systematic impact on countries in the region. This is an extremely complex phenomenon that has long gone beyond technical aspects. It requires careful coordination and analysis. We have also noted in Romania, and literally some time ago in Moldova, that the political process is also influenced by or subjected to cyber operations of any kind, form, and type. Overall, this is a very complex technical threat landscape that needs to be considered, and we need to adapt our working methods to the new reality.
- What are the most sophisticated cyber attack techniques Romania has observed targeting critical national infrastructure, and how is your directorate developing defensive strategies in response to increasingly complex threats?
- The most sophisticated attacks we are aware of, especially in the energy sector, frankly speaking, have been ransomware attacks. They exploited vulnerabilities in the supply chain of operators in the energy sector. That is, they initially attacked suppliers, then performed "lateral movement" to other infrastructure elements, and the attackers managed to encrypt hundreds of infrastructure elements, mainly servers, both in the cloud and on premises.
Undoubtedly, ransomware is the worst type of attack, and in most cases, these attacks exploit traditional vulnerabilities, especially those related to privileged users - administrators, system operators, etc. We haven't yet seen large-scale cyber attacks targeting operational technology (OT), but we expect such incidents to become more frequent as more legacy technologies are decommissioned and replaced with smart devices, industrial control systems, and other internet-connected OT. Most of these are indeed complex, but well-known to engineers rather than cybersecurity specialists or IT professionals.
- Romania and Azerbaijan, in addition to cyber operations, face coordinated disinformation campaigns. How does your department coordinate actions with other agencies to counter such hybrid threats, and which organizational models have proven most effective?
- Based on our experience in Romania, I can say that close interagency cooperation, coordination, and synchronous communication between government structures are of fundamental importance. We became particularly aware of this last year during the electoral process, when a series of elections - for the first time in the country's history - was canceled and then held again. This experience showed how important it is to eliminate bureaucratic gaps and build joint work between law enforcement agencies, civil departments, the intelligence community, and all government structures involved in ensuring democratic procedures. For us, this was one of the key lessons.
We saw that the countries that successfully countered cyber attacks associated with hostile foreign interference, disinformation, and manipulation achieved success through such a comprehensive approach. This involves deeper coordination within the state, as well as active dialogue with international partners, sharing experiences, developed solutions, and tools. At the same time, close interaction with social media platforms, which play a key role in disseminating information and, consequently, in countering disinformation campaigns, is becoming increasingly important and necessary.
- How has Romania built an effective partnership between government cybersecurity structures and the private sector, especially telecommunications and technology companies? What incentives or regulatory approaches have proven most effective for information sharing and joint defense?
- First of all, in dialogue with the private sector, it was important to recognize that, on one hand, cybersecurity represents costs. And significant costs, to be frank. But, on the other hand, it's a huge opportunity at the national or international level for creating a solid, profitable, sustainable business with growth prospects in the coming years. So at the moment when government bodies and private companies sit at the same table and recognize that the situation is mutually beneficial - on one hand, sustainability is ensured at the national level, key problems are solved, the number of incidents is reduced, and on the other hand, companies investing in cybersecurity, developing solutions and successfully bringing them to market can conduct profitable and sustainable business - then it's really a win-win scenario.
And, at least in Romania, this is our approach. We recommend this approach to other countries as well - more openness, more substantive dialogue. And, honestly, I'm very glad that here in Riyadh, at the Global Cybersecurity Forum, this is one of the key platforms where I've seen deep and open discussion between solution providers and government structures about both the challenges and the great opportunities that arise if we focus on this area.