Albert Vartic, the Coordinator of the Industrial Cybersecurity Center in Romania (CCI Coordinators Team), helps us to get into context about the state of industrial cybersecurity in his country, and for this he shares his impressions below.
Describe the level of sensitivity of industrial organizations in your country according to the following percentages:
He also comments that the trend regarding concern about industrial cybersecurity in his country in the last year has been very little growth.
Romania has national public bodies that ensure the creation of an adequate legal framework, which guarantees the progressive incorporation of industrial cybersecurity in the structures of companies with a national presence (mainly critical infrastructures), among the main ones it is worth highlighting:
- National Cyber Security Directorate (DNSC) has the key role in implementing the new National Cyber Security Strategy and in ensuring Romania’s compliance with international commitments, including those related to the implementation of the EU Cybersecurity Strategy, the NIS Directive and NIS 2.0, as well as the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC).”
Among the main national laws and regulations that I control in this context in Romania, Albert cites:
- Law no. 362/2018 (transposes the NIS Directive in Romania)
As industrial cybersecurity measures distributed by Romanian organizations to protect industrial automation systems, Albert Vartic highlights the application of:
- Industrial Cybersecurity Consulting / Advisory
- Implementation of security management systems
- Internal security audits
- External security audits
- Network architecture and design
- Conventional Firewalls
- Industrial Firewalls
- IDS / IPS
- SIEM (Cybersecurity Information and Event Management)
- Encrypted communications
The CCI Coordinator in Romania characterizes the situation in his country regarding industrial cybersecurity through the following SWOT:
Weaknesses
- Lack of operational technologies certifications, processes and professionals
- Lack of specific industry cybersecurity legislation
- Lack of specific CERTs
| Strengths
- Awareness, especially regarding industrial critical infrastructures
- Frequent events and forums on industrial cybersecurity
|
Threats
- High development of industrial applications without cybersecurity requirements
- Shortage of local industrial cybersecurity professionals working for manufacturers
- Shortage of specific industrial cybersecurity risk management tools
| Opportunities
- Increased of cibersecurity demand for Industry 4.0 and the Internet of things
- Strategic position in the industrial cyber security sector
|