7. Romania 89.61

7th National Cyber Security Index
62nd Global Cybersecurity Index
58th ICT Development Index
52nd Networked Readiness Index
Population 19.9million
Area (km2) 238.4thousand
GDP per capita ($) 25.5thousand
NCSI FULFILMENT PERCENTAGE
NCSI DEVELOPMENT TIMELINE 3 years All data
RANKING TIMELINE
NCSI Update Data source
17 Oct 2022 Public data collection

Version 17 Oct 2022

GENERAL CYBER SECURITY INDICATORS
  • 1. Cyber security policy development 7/7 100%
    7
    7 100%
    • 1.1. Cyber security policy unit 3
      3
      3
      Requirements
      Criteria

      A central government entity (ministry or equivalent) has a specialised official or unit responsible for national cyber security policy development.

      Accepted references

      Official website or legal act

      Evidence

      The National Cyber Security Directorate (Directoratul Național de Securitate Cibernetică) / NCSD (DNSC)

      See EMERGENCY ORDINANCE 104/2021 on establishing the National Cyber Security Directorate Friday 24 September 2021 (link above)

      Art. 4 Objectives

      (…)

      b) To ensure the framework of strategies, policies, and regulations that support the implementation of the national vision in the field of cyber security.”

      “Art. 5 Functions and responsibilities”

      In fulfilling the objectives, NCSD performs the following functions and responsibilities:

      a) Strategy and planning

      1. carries out the Government's policy in the field of cyber security and establishes at the national level the public strategies and policies in the field of cyber security.

      2. ensures the development and dissemination of public policies for preventing and mitigating incidents within the cyber infrastructures of the national civilian cyberspace.

      (…)

      7. drafts and submits to the Government of Romania proposals for modification of the legislative framework in the field of cyber security."

    • 1.2. Cyber security policy coordination format 2
      2
      2
      Requirements
      Criteria

      The central government has a committee, council, working group, etc. for national-level cyber security policy coordination.

      Accepted references

      Official website or legal act

      Evidence

      Consiliul operativ de securitate cibernetică (COSC) - see last paragraph on page 14:

      "The Cyber Security Operations Council (COSC) is the body through which the NSC's unitary coordination is carried out. From the COSC, as permanent members, representatives of the Ministry of National Defense, the Ministry of Internal Affairs, the Ministry of Foreign Affairs, the Ministry of Information Society, the Romanian Intelligence Service, the Special Telecommunications Service, the Foreign Intelligence Service, the Protection and Guard Service , The Office of the National Registry for State Secret Information and the Secretary of the Supreme Council of National Defense. COSC's leadership is provided by a president (the presidential advisor on national security issues) and a vice-president (the prime minister's adviser on national security issues). The Technical Coordinator of COSC is the Romanian Intelligence Service, under the terms of the law."

    • 1.3. Cyber security strategy 1
      1
      1
      Requirements
      Criteria

      The central government has established a national-level cyber security strategy or other equivalent document.

      Accepted references

      Valid official document

    • 1.4. Cyber security strategy implementation plan 1
      1
      1
      Requirements
      Criteria

      The central government has established an implementation plan to the national-level cyber security strategy or other equivalent document.

      Accepted references

      Valid official document or its enforcement act

      Evidence

      Romania's Cybersecurity Strategy and Action Plan for 2022-2027 (link above, see pp. 30-49). Alternatively, the Action Plan can also be accessed here

  • 2. Cyber threat analysis and information 4/5 80%
    4
    5 80%
    • 2.1. Cyber threats analysis unit 3
      3
      3
      Requirements
      Criteria

      A central government entity has a national-level unit that is specialised in national strategic cyber threat situation analysis.

      Accepted references

      Official website or legal act

      Evidence

      The National Cyber Security Directorate (Directoratul Național de Securitate Cibernetică) / NCSD (DNSC), see EMERGENCY ORDINANCE 104/2021 on establishing the National Cyber Security Directorate Friday 24 September 2021 (link above). 

      "Article 5 c) (The function of national CSIRT)

      “In fulfilling the objectives, NCSD performs the following functions and responsibilities:

      1. ensures the coordination of activities at national level of detection, protection, and response to cyber-attacks, as well as the conduct of monitoring, identification, analysis, investigation, and response to cyber security incidents, through the national CSIRT team, for cyber infrastructures in its field of competence, as defined by NCSD’s internal rules.

      (…)

      4. monitors, identifies, analyses and responds to cyber security threats in the national civilian cyberspace.

      5. investigates cyber incidents that target or use the national civilian cyberspace, in accordance with its legal competencies, by using appropriate technical methods that include analysis of network metadata as provided to NCSD by its respective owners.

      6. assesses cyber security risks at national level and issues warnings, newsletters, and forecasts

      7. identifies and analyses threats, also in cooperation with the public, private and academic stakeholders, to implement a high level of cyber security.

      8. carries out specific technical activities to identify vulnerabilities of websites with content in Romanian language and issues security warnings, as appropriate.

      9. develops systems and tools for identification, analysis and forecast of cyber incidents, based on which it establishes the impact at national and cross-border level of incidents and notifies the relevant authorities at national level, as well as similar authorities from other potentially affected states. (…)

      10. in accordance with the law, performs the collection, the analysis and exchange of information on cyber security risks and vulnerabilities of computer networks and systems, as well as of cyber security products and services."

      "Article 5  (Analysis and forecasting function)

      m) Analysis and forecasting function - evaluates and analyses the developments in the field of cyber security and issues alerts, analyses, newsletters and forecast bulletins."

      "5 p) The function of cyber security assessment of new technologies

      (…)

      2. identifies cyber security vulnerabilities and their impact on cyber security of Romania."


      Official website of the NCSD

    • 2.2. Public cyber threat reports are published annually 0
      0
      1
      Requirements
      Criteria

      The public part of the national cyber threat situation analysis is published at least once a year.

      Accepted references

      Official public report

      Evidence
    • 2.3. Cyber safety and security website 1
      1
      1
      Requirements
      Criteria

      Public authorities provide at least one cyber safety and security website for cyber security and ICT professionals, and regular users.

      Accepted references

      Website

  • 3. Education and professional development 7/9 78%
    7
    9 78%
  • 4. Contribution to global cyber security 5/6 83%
    5
    6 83%
BASELINE CYBER SECURITY INDICATORS
INCIDENT AND CRISIS MANAGEMENT INDICATORS
Information Disclaimer

The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.

What can I do to improve my country's data in NCSI?

Become a data contributor Update a specific indicator with evidence data