Romania has one of the most modern cyber security legislations in Europe and even in the world, with clear obligations, including for energy companies, the Minister of Energy, Sebastian Burduja, said on Friday.
“We have one of the most modern cyber security legislations in Europe and even in the world. At the Ministry of Digitalization we had a milestone in the PNRR (National Recovery and Resilience Plan) which was called the Cyber Security Law and, when we took over this milestone…everyone was running away from it because it involved the amendment of the National Security Laws, which no one had succeeded in for 10 years…we managed in four months to close this milestone. And we have in Romania a Cyber security law, and when I say we, I don’t just mean the Ministry of Digitalization. The DNSC (National Directorate of Energy Security – n. r.) had a fundamental role, Cyberint, STS, and the other national security institutions. And, indeed, on the law currently, there are some clear obligations, including from the energy companies. And now, as Minister of Energy, I created a task force for the energy companies and gave them some tasks,” said Burduja, at the Cyber Security Forum in Energy, organized by Distributie Energie Electrică Romania, according to Agerpres.
He emphasized that, through the Cybersecurity Law, 10% of the budget of research programs in Romania, managed by the Ministry of Research, Innovation and Digitization, must go to the area of cyber security.
On the other hand, the minister reiterated that there is “an energy trilemma”: we want safe energy, energy at the most accessible price and greenest energy, but the most important of all is energy security.
“If the light bulb doesn’t turn on when we press the switch, there is no quality of life, no economic development… That’s why energy is the heart of the economy and certainly cyber security is part of this concept of security, of safe energy. And we see energy being used as a weapon in the new hybrid wars. Also, the entire paradigm in the energy sector is leading us to a system, as they say, in 3D: decentralized, digitalized, decarbonized. Or, decentralization and digitalization make us, on on the one hand, more resilient, and on the other hand more vulnerable, if we do not take care of this aspect of cyber security. It involves multiple aspects: protecting critical infrastructure, continuous monitoring, updates. I would emphasize awareness and education. And that’s why we also realized at the Ministry of Research, Innovation and Digitization. Cyber security is a chain in which the weakest link matters. Many times, it is a single user in the IT system. (…) Unfortunately, there are still no mechanisms and the DNSC is doing a brilliant job, but they have a capacity problem and a salary level problem, which has not been adjusted until now. And these training sessions have to be done, because if you, as a civil servant in a ministry or maybe in an energy company, you don’t know that you shouldn’t open an email that has a suspicious link, you can put in danger to the entire system,” explained Sebastian Burduja.
He signaled that, if we really want to be secure from a cyber point of view, we must accept “to befriend the state with the private”, in order to arrive at the best solutions and systems.
“It is not an area where the state knows everything, on the contrary. And where does this mentality come from that the state cannot collaborate with private companies? We have to get rid of it, if we want to have the best solutions and the best systems. Now we also have some ingredients for success. First of all, the people. Without them, nothing can be done. As Minister of Digitalization, I used to say that I am the luckiest minister in the Government. Small budget, but every day I meet some of the most smart people from Romania. Now, in Energy, I can say the same thing or even more than that. Romanian energy scientists are among the smartest experts in the world. So, we have two fields in which Romania, with its human resources, excels,” pointed out the Minister of Energy.
He mentioned that, among the things that must be done according to the law, are: the cyber threats, risks and vulnerabilities plan; specific purchases; reporting incidents to DNSC and other institutions in the area of national security; appointing a cyber security officer; rapid reaction center; the cyber exercise plan with the other institutions.
“So, this is the goal of this energy security task force that we worked on, for now informally, at the level of the ministry, with the vision of having a SOC – Security Operations Center formalized and in full correlation with the other institutions, including that European agency of excellence for cyber security, which also as Minister of Digitalization we managed to operationalize in Bucharest, after two years of delay”, Burduja also said.