The draft Emergency Ordinance on the establishment and operationalization of the Energy Cyber Security Incident Response Center (CRISCE), a measure imposed by the NIS2 Directive, is in public consultation, according to a press release from the Ministry of Energy.
“Energy infrastructure is the backbone of our economy and national security. Cyber attacks on this sector are not a hypothetical threat – they are an everyday reality with colossal damage. We see it in Ukraine every day, we must prepare in time for the new war hybrid. CRISCE will represent an unshakable stone in our efforts to protect not only the energy sector, but also the economic well-being and safety of citizens. In a world where technology is evolving rapidly, Romania must be prepared to face cyber challenges and to be a leader in energy security at the regional and European level,” Sebastian Burduja, Minister of Energy, said in the press release.
According to the relevant ministry, the expenses for the implementation and operation of CRISCE will be fully covered by the revenues from the Modernization Fund, without affecting the state budget.
“Through this structure we defend all the cyber infrastructures of the beneficiaries of the projects financed by the Modernization Fund. The GEO project aims to create a structure dedicated to the management and prevention of cyber incidents in the energy sector, contributing to the protection of the networks and IT systems of companies in this strategic field. CRISCE will ensure the constant monitoring of the energy infrastructure, will coordinate the response to cyber incidents and will collaborate with national and international institutions to combat the growing threats. CRISCE will function as a structure without legal personality under the direct subordination of the Minister of Energy and will ensure cyber security for the entire sector energy from Romania, this being the designated authority for fulfilling the duties provided for by Delegated Regulation (EU) 2024/1366 regarding the security of cross-border flows of electricity,” the press release states.
The new entity will be composed of 34 top specialists in the field of cyber security, recruited following a rigorous selection procedure, with an external commission made up of specialists from authorities and public institutions with attributions in the field of cyber security. They will be remunerated at the level of the private market in the cyber sector, and their activity will be evaluated every 12 months.
The major benefits of the establishment of CRISCE for Romania are: protecting critical energy infrastructures against complex cyber attacks, such as ransomware, attacks on SCADA systems or advanced phishing attempts; the creation of a sectoral operational center dedicated to cyber security, which will allow quick and efficient interventions in the face of attacks; unitary and integrated coordination of cyber security in the energy field, with continuous monitoring and proactive incident prevention mechanisms; increasing the resilience and response capacity of energy companies in Romania.