Cyber intelligence

The cyber-space is an environment characterized by uncertainty and asymmetry, with emerging risks and threats to the national and international security.

In accordance with the provisions of The Law no. 58/2023 on Romania’s security and cyber defense, as well as for the modification and some normative acts’ completion, the Romanian Intelligence Service is a nationally competent authority in the field of cyberintelligence. Through the National Cyberint Center, SRI acts with the purpose of analyzing, preventing and countering the cybernetic incidents and attacks which represent threats, risks and vulnerabilities to Romania’s national security.

The Romanian Intelligence Service is tasked with preventing and countering the Advanced Persistent Threats to all computer networks and systems at national level, with the exception of those in the competence of the Ministry of National Defense, the Ministry of Internal Affairs, the Foreign Intelligence Service, the Special Telecommunications Service and the Protection and Guard Service.

Moreover, by The Law no. 58/2023, additions have been made to art.3 from The Law no. 51/1991 in regard to Romania’s national security, republished, with the subsequent additions, with the introduction of three new threats to national security:

• cyber threats or cyberattacks to the information technology and communication infrastructures of national interest;
• actions, inactions or realities with consequences on national, regional and global level which affect the state’s resilience in relation to hybrid type risks and threats;
• actions conducted by a state or non-state entity, through online propaganda or disinformation campaigns, prone to affect the constitutional order.

The Romanian Intelligence Service uses in a conjoint manner the technical capabilities and the informative capabilities in order to fulfill its legal responsibilities and informs the legal customers in order to prevent, limit and/or stop the consequences of the cyber-threats on the informatic and communication infrastructures of national interest. In addition to that, starting with July 2020, the Cyberint National Center fulfills the role of CERT for the Romanian Intelligence Service.

The main forms of manifestation of the cyber-threats to Romania’s national security are represented by the cyber operations conducted by three categories of cyber actors – state actors, cybercrime groups and ideologically motivated groups.

The categories of actors which generate threats in the cyber space are presented in Romania’s Cybernetic Security Strategy for 2022–2027, as stated below:

• individuals and entities associated to state actors;
• individuals and groups who carry out cyber criminality activities;
• individuals and hacker groups with ideological, political or extremist-terrorist motivations.

The Romanian Intelligence Service endorses the importance of the people’s cyber security culture nurturing measures through bringing awareness to the vulnerabilities, risks and threats that come from the cyber space and promotes the necessity of ensuring protection of its own informatic systems.

At the moment, anyone can be the target of a cyberattack, and the state’s most important institutions usually are the first target. The human factor continues to remain the main vulnerability in the face of the cyber threats