NCSI FULFILMENT PERCENTAGE
Version 17 Oct 2022
GENERAL CYBER SECURITY INDICATORS
-
1. Cyber security policy development 7/7 100%
-
1.1. Cyber security policy unit 3/3
Requirements
Criteria: A central government entity (ministry or equivalent) has a specialised official or unit responsible for national cyber security policy development.
Accepted references: Official website or legal act
Evidence
The National Cyber Security Directorate (Directoratul Național de Securitate Cibernetică) / NCSD (DNSC)
See EMERGENCY ORDINANCE 104/2021 on establishing the National Cyber Security Directorate Friday 24 September 2021 (link above)
“Art. 4 Objectives
(…)
b) To ensure the framework of strategies, policies, and regulations that support the implementation of the national vision in the field of cyber security.”
“Art. 5 Functions and responsibilities”
In fulfilling the objectives, NCSD performs the following functions and responsibilities:
a) Strategy and planning
1. carries out the Government's policy in the field of cyber security and establishes at the national level the public strategies and policies in the field of cyber security.
2. ensures the development and dissemination of public policies for preventing and mitigating incidents within the cyber infrastructures of the national civilian cyberspace.
(…)
7. drafts and submits to the Government of Romania proposals for modification of the legislative framework in the field of cyber security."
-
1.2. Cyber security policy coordination format 2/2
Requirements
Criteria: The central government has a committee, council, working group, etc. for national-level cyber security policy coordination.
Accepted references: Official website or legal act
Evidence
Consiliul operativ de securitate cibernetică (COSC) - see last paragraph on page 14:
"The Cyber Security Operations Council (COSC) is the body through which the NSC's unitary coordination is carried out. From the COSC, as permanent members, representatives of the Ministry of National Defense, the Ministry of Internal Affairs, the Ministry of Foreign Affairs, the Ministry of Information Society, the Romanian Intelligence Service, the Special Telecommunications Service, the Foreign Intelligence Service, the Protection and Guard Service, The Office of the National Registry for State Secret Information and the Secretary of the Supreme Council of National Defense. COSC's leadership is provided by a president (the presidential advisor on national security issues) and a vice-president (the prime minister's adviser on national security issues). The Technical Coordinator of COSC is the Romanian Intelligence Service, under the terms of the law."
-
1.3. Cyber security strategy 1/1
Requirements
Criteria: The central government has established a national-level cyber security strategy or other equivalent document.
Accepted references: Valid official document
Evidence
https://legislatie.just.ro/Public/DetaliiDocumentAfis/250235
Romania's Cybersecurity Strategy and Action Plan for 2022-2027 (Decision No. 1321/2021, approving Romania’s Cybersecurity Strategy and Action Plan for 2022-2027)
-
1.4. Cyber security strategy implementation plan 1/1
Requirements
Criteria: The central government has established an implementation plan to the national-level cyber security strategy or other equivalent document.
Accepted references: Valid official document or its enforcement act
Evidence
https://cdn.edupedu.ro/wp-content/uploads/2022/01/Monitorul-Oficial-Partea-I-nr.-2Bis.pdf
Romania's Cybersecurity Strategy and Action Plan for 2022-2027 (link above, see pp. 30-49). Alternatively, the Action Plan can also be accessed here.
-
-
2. Cyber threat analysis and information 4/5 80%
-
2.1. Cyber threats analysis unit 3/3
Requirements
Criteria: A central government entity has a national-level unit that is specialised in national strategic cyber threat situation analysis.
Accepted references: Official website or legal act
Evidence
The National Cyber Security Directorate (Directoratul Național de Securitate Cibernetică) / NCSD (DNSC), see EMERGENCY ORDINANCE 104/2021 on establishing the National Cyber Security Directorate Friday 24 September 2021 (link above).
"Article 5 c) (The function of national CSIRT)
“In fulfilling the objectives, NCSD performs the following functions and responsibilities:
1. ensures the coordination of activities at national level of detection, protection, and response to cyber-attacks, as well as the conduct of monitoring, identification, analysis, investigation, and response to cyber security incidents, through the national CSIRT team, for cyber infrastructures in its field of competence, as defined by NCSD’s internal rules.
(…)
4. monitors, identifies, analyses and responds to cyber security threats in the national civilian cyberspace.
5. investigates cyber incidents that target or use the national civilian cyberspace, in accordance with its legal competencies, by using appropriate technical methods that include analysis of network metadata as provided to NCSD by its respective owners.
6. assesses cyber security risks at national level and issues warnings, newsletters, and forecasts
7. identifies and analyses threats, also in cooperation with the public, private and academic stakeholders, to implement a high level of cyber security.
8. carries out specific technical activities to identify vulnerabilities of websites with content in Romanian language and issues security warnings, as appropriate.
9. develops systems and tools for identification, analysis and forecast of cyber incidents, based on which it establishes the impact at national and cross-border level of incidents and notifies the relevant authorities at national level, as well as similar authorities from other potentially affected states. (…)
10. in accordance with the law, performs the collection, the analysis and exchange of information on cyber security risks and vulnerabilities of computer networks and systems, as well as of cyber security products and services."
"Article 5 (Analysis and forecasting function)
m) Analysis and forecasting function - evaluates and analyses the developments in the field of cyber security and issues alerts, analyses, newsletters and forecast bulletins."
"5 p) The function of cyber security assessment of new technologies
(…)
2. identifies cyber security vulnerabilities and their impact on cyber security of Romania."
Official website of the NCSD
-
2.2. Public cyber threat reports are published annually 0/1
Requirements
Criteria: The public part of the national cyber threat situation analysis is published at least once a year.
Accepted references: Official public report
Evidence
-
2.3. Cyber safety and security website 1/1
Requirements
Criteria: Public authorities provide at least one cyber safety and security website for cyber security and ICT professionals, and regular users.
Accepted references: Website
-
-
3. Education and professional development 7/9 78%
-
3.1. Cyber safety competencies in primary or secondary education 1/1
Requirements
Criteria: Primary or secondary education curricula include cyber safety / computer safety competences.
Accepted references: Official curriculum or official report
Evidence
https://op.europa.eu/en/publication-detail/-/publication/d7834ad0-ddac-11e9-9c4e-01aa75ed71a1
Digital Education at School in Europe (Eurydice Report), 2019 (link above).
- "The majority of European education systems have explicitly included learning outcomes related to all five digital competence areas. In descending order of prevalence these are: information and data literacy, digital content creation, communication and collaboration, safety, and problem solving (see Figure 1.5)" (see p. 10).
- “For the purpose of this focused analysis, eight of the 21 digital competences in DigComp have been selected, taking at least one from each of the five areas (…). Protecting personal data and privacy (safety area): the increasing relevance of this competence is reflected in European curricula, as nearly 30 education systems have explicit related learning outcomes in secondary education, and nearly 20 in primary education (see Figure 1.7)" (pp. 10-11)
- See page 43 (Figure 1.7), Romania (RO) has it for ISCED 2 and ISCED 3
- See also page 119: Curriculum approaches to digital competences according to national curricula for primary and general secondary education (ISCED 1-3), 2018/19.
-
3.2. Bachelor’s level cyber security programme 2/2
Requirements
Criteria: There is at least one cyber security / electronic information security focused programme at Bachelor’s or equivalent level.
Accepted references: Accredited study programme
Evidence
-
3.3. Master’s level cyber security programme 2/2
Requirements
Criteria: There is at least one cyber security / electronic information security focused programme at Master’s or equivalent level.
Accepted references: Accredited study programme
-
3.4. PhD level cyber security programme 0/2
Requirements
Criteria: There is at least one cyber security / electronic information security focused programme at PhD or equivalent level.
Accepted references: Accredited study programme
Evidence
-
3.5. Cyber security professional association 2/2
Requirements
Criteria: There is a professional association of cyber/electronic information security specialists, managers or auditors.
Accepted references: Website
Evidence
-
-
4. Contribution to global cyber security 5/6 83%
-
4.1. Convention on Cybercrime 1/1
Requirements
Criteria: The country has ratified the Convention on Cybercrime.
Accepted references: Official website of the convention
-
4.2. Representation in international cooperation formats 1/1
Requirements
Criteria: The government is regularly represented in a cooperation format that is dedicated to international cyber security (e.g. FIRST).
Accepted references: Official website of the cooperation format
-
4.3. International cyber security organisation hosted by the country 3/3
Requirements
Criteria: A regional or international cyber security organisation is hosted by the country.
Accepted references: Organisation’s official website
Evidence
https://cybersecurity-centre.europa.eu/index_en
The European Cybersecurity Competence Centre
“The Competence Centre, together with the Network of National Coordination Centres, aims to strengthen European cybersecurity capacities, research excellence and industry competitiveness. For this purpose, it will manage some of the funding dedicated to cybersecurity in the Digital Europe Programme and Horizon Europe programme, as well as funding from the Member States.” Cited source can be accessed here.
-
4.4. Cyber security capacity building for other countries 0/1
Requirements
Criteria: The country has (co-)financed or (co-)organised at least one capacity building project for another country in the last 3 years.
Accepted references: Official website or project document
Evidence
-
BASELINE CYBER SECURITY INDICATORS
-
5. Protection of digital services 4/5 80%
-
5.1. Cyber security responsibility for digital service providers 1/1
Requirements
Criteria: According to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.
Accepted references: Legal act
Evidence
https://legislatie.just.ro/Public/DetaliiDocument/209670
Law no. 362 of December 28, 2018 on ensuring a common high level of security of networks and IT systems (link above), see Article 12.
-
5.2. Cyber security standard for the public sector 0/1
Requirements
Criteria: Public sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.
Accepted references: Legal act
Evidence
-
5.3. Competent supervisory authority 3/3
Requirements
Criteria: The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.
Accepted references: Official website or legal act
Evidence
-
-
6. Protection of essential services 6/6 100%
-
6.1. Operators of essential services are identified 1/1
Requirements
Criteria: There is a legal act that allows to identify operators of essential services.
Accepted references: Legal act
Evidence
https://dnsc.ro/vezi/document/hg-963-2020
Decision no. 963 of November 5, 2020 for the approval of the List of essential services
https://legislatie.just.ro/Public/DetaliiDocument/209670
LAW no. 362 of 28 December 2018 on ensuring a high common level of security of network and information systems, Section II
-
6.2. Cyber security requirements for operators of essential services 1/1
Requirements
Criteria: According to the legislation, operators of essential services must manage cyber/ICT risks.
Accepted references: Legal act
Evidence
https://legislatie.just.ro/Public/DetaliiDocumentAfis/233782
TECHNICAL RULES of November 9, 2020 regarding the minimum requirements for ensuring the security of networks and IT systems applicable to operators of essential services
See: Article 3, Article 4, Article 18, Chapter IV Cyber Defense (Articles 34, 35, 36, 37).
-
6.3. Competent supervisory authority 3/3
Requirements
Criteria: The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.
Accepted references: Official website or legal act
Evidence
-
6.4. Regular monitoring of security measures 1/1
Requirements
Criteria: Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).
Accepted references: Legal act
Evidence
https://dnsc.ro/vezi/document/osgg-1323-2020
Order no. 1,323 of November 9, 2020 for the approval of the Technical Norms regarding the minimum requirements for ensuring the security of networks and IT systems applicable to operators of essential services (link above), see Article 7, Article 8.
-
-
7. E-identification and trust services 8/9 89%
-
7.1. Unique persistent identifier 1/1
Requirements
Criteria: The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.
Accepted references: Legal act
Evidence
http://legislatie.just.ro/Public/DetaliiDocumentAfis/188152
Personal numerical code (CNP)
DECISION no. 1375 of 4 October 2006 that Approved the METHODOLOGICAL RULES of 4 October 2006, Article 14 (link above).
https://legislatie.just.ro/Public/DetaliiDocument/8556
LAW no. 105 of September 25, 1996 regarding the population record and the identity card, Article 5.
-
7.2. Requirements for cryptosystems 0/1
Requirements
Criteria: Requirements for cryptosystems in the field of trust services are regulated.
Accepted references: Legal act
Evidence
-
7.3. Electronic identification 1/1
Requirements
Criteria: Electronic identification is regulated.
Accepted references: Legal act
Evidence
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014
-
7.4. Electronic signature 1/1
Requirements
Criteria: E-signature is regulated.
Accepted references: Legal act
Evidence
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014
https://legislatie.just.ro/Public/DetaliiDocument/29903
Law on the Electronic Signature - no. 455/2001 - (published in the Official Gazette of Romania no. 429/31.07.2001). English version can be accessed here.
https://legislatie.just.ro/Public/DetaliiDocumentAfis/224709
Emergency Ordinance no. 38/2020 on the use of electronic documents by public authorities and institutions
-
7.5. Timestamping 1/1
Requirements
Criteria: Timestamping is regulated.
Accepted references: Legal act
Evidence
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014
https://legislatie.just.ro/Public/DetaliiDocumentAfis/56432
Law no. 451/2004 on time stamps
-
7.6. Electronic registered delivery service 1/1
Requirements
Criteria: Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.
Accepted references: Legal act
Evidence
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014
https://legislatie.just.ro/Public/DetaliiDocument/257856
LAW no. 242 of July 20, 2022 regarding data exchange between IT systems and the creation of the National Interoperability Platform (e.g. see Article 2 (i); Article 5 (d); Article 20 (1); Article 20 (7d))
-
7.7. Competent supervisory authority 3/3
Requirements
Criteria: There is an authority responsible for the supervision of qualified trust service providers.
Accepted references: Official website or legal act
Evidence
https://legislatie.just.ro/Public/DetaliiDocument/29903
Ministry of Communications and Information Society
LAW no. 455 of July 18, 2001 regarding the electronic signature, articles 25 & 26 (link above).
https://legislatie.just.ro/Public/DetaliiDocumentAfis/190241
ORDER no. 449 of May 30, 2017 regarding the procedure for granting, suspending and withdrawing the status of qualified trust service provider in accordance with Regulation (EU) no. 910/2014 of the European Parliament and of the Council of 23 July 2014, Article 2a.
The National Cyber Security Directorate (Directoratul Național de Securitate Cibernetică) / NCSD (DNSC)
EMERGENCY ORDINANCE 104/2021 on establishing the National Cyber Security Directorate Friday 24 September 2021 (in English); Article 5b, nr. 5.
-
-
8. Protection of personal data 4/4 100%
-
8.1. Personal data protection legislation 1/1
Requirements
Criteria: There is a legal act for personal data protection.
Accepted references: Legal act
Evidence
GDPR implementation law (Law No. 190/2018) – Unofficial English version (link above), for latest Romanian version click here.
https://legislatie.just.ro/Public/DetaliiDocument/32733
LAW no. 677 of November 21, 2001 for the protection of individuals regarding the processing of personal data and the free movement of such data.
https://www.dataprotection.ro/index.jsp?page=legislatie_primara&lang=en
Related laws (link above).
-
8.2. Personal data protection authority 3/3
Requirements
Criteria: There is an independent public supervisory authority that is responsible for personal data protection.
Accepted references: Official website or legal act
Evidence
https://www.dataprotection.ro/index.jsp?page=home&lang=en
The National Supervisory Authority for Personal Data Processing (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
-
INCIDENT AND CRISIS MANAGEMENT INDICATORS
-
9. Cyber incidents response 6/6 100%
-
9.1. Cyber incidents response unit 3/3
Requirements
Criteria: The government has a unit (CSIRT, CERT, CIRT, etc.) that is specialised in national-level cyber incident detection and response.
Accepted references: Official website or legal act
Evidence
The National Cyber Security Directorate (Directoratul Național de Securitate Cibernetică) / NCSD (DNSC)
See: EMERGENCY ORDINANCE 104/2021 on establishing the National Cyber Security Directorate Friday 24 September 2021 (link above).
Article 2
“The National Cyber Security and Incident Response Team - CERT-RO shall be abolished upon the entry into force of this emergency ordinance.”
Article 3
“On the date of entry into force of this emergency ordinance NCSD takes over the activities, attributions, and staff of the National Cyber Security Incident Response Team - CERT-RO, maintaining the salary rights held at the date of takeover”
See also Article 5 c) (The function of national CSIRT); Article 5 d) (The function governmental CSIRT) and Article 5 e) (The function of coordination, implementation, guidance, and support of the sectoral CSIRTs).
-
9.2. Reporting responsibility 1/1
Requirements
Criteria: Digital service providers and operators of essential services have an obligation to notify appointed government authorities of cyber security incidents.
Accepted references: Legal act
Evidence
https://legislatie.just.ro/Public/DetaliiDocument/209670
Law no. 362 of December 28, 2018 on ensuring a common high level of security of networks and IT systems (link above), see Article 10 (1c); Article 12 (1c).
-
9.3. Single point of contact for international coordination 2/2
Requirements
Criteria: The government has designated a single point of contact for international cyber security coordination.
Accepted references: Official website or legal act
Evidence
The National Cyber Security Directorate (Directoratul Național de Securitate Cibernetică) / NCSD (DNSC)
See: EMERGENCY ORDINANCE 104/2021 on establishing the National Cyber Security Directorate Friday 24 September 2021, see 5 h).
5 h) (The function of cooperation and collaboration)
“In fulfilling the objectives, NCSD performs the following functions and responsibilities:
(…)
2. represents Romania in the established formats of international cooperation within its fields of competence, in cooperation with other state competent authorities, for ensuring inter-institutional cooperation, mutual information and for maintaining a coherent position at international level.”
-
-
10. Cyber crisis management 3/5 60%
-
10.1. Cyber crisis management plan 0/1
Requirements
Criteria: The government has established a crisis management plan for large-scale cyber incidents.
Accepted references: Legal act
Evidence
-
10.2. National-level cyber crisis management exercise 2/2
Requirements
Criteria: The government has conducted a national-level cyber crisis management exercise or a crisis management exercise with a cyber component in the last 3 years.
Accepted references: Exercise document/website or press release
Evidence
https://www.sri.ro/articole/cyber-security-national-exercise-cydex-the-4th-edition
Cyber Security National Exercise (2020) – Cydex, the 4th edition
-
10.3. Participation in international cyber crisis exercises 1/1
Requirements
Criteria: The country's team has participated in an international cyber crisis management exercise in the last 3 years.
Accepted references: Exercise document/website or press release
Evidence
https://dnsc.ro/citeste/comunicat-dnsc-cyber-europe-2022-domeniul-sanatatii-ue
https://www.enisa.europa.eu/news/blue-olex-2021-testing-the-response-to-large-cyber-incidents
Blue OLEx 2021
https://www.enisa.europa.eu/news/enisa-news/eu-member-states-test-rapid-cyber-crisis-management
"CySOPEx 2021 is testing for the first time today the procedures for prompt and effective cyber crisis management in the EU to face large-scale, cross border cyber-attacks. (...) All Member States and the European Commission are taking part in the exercise (...)."
-
10.4. Operational support of volunteers in cyber crises 0/1
Requirements
Criteria: The procedures for using volunteers in the field of cyber security are established by legislation.
Accepted references: Legal act
Evidence
-
-
11. Fight against cybercrime 9/9 100%
-
11.1. Cybercrimes are criminalised 1/1
Requirements
Criteria: Cybercrimes are defined by legislation.
Accepted references: Legal act
Evidence
https://legislatie.just.ro/Public/DetaliiDocument/43323
LAW no. 161 of April 19, 2003 regarding some measures to ensure transparency in the exercise of public dignities, public functions and in the business environment, preventing and sanctioning corruption, see Title III - Prevention and combating cybercrime. Unofficial English translation can be accessed here.
-
11.2. Cybercrime unit 3/3
Requirements
Criteria: There is a government entity with a specific function of combatting cybercrime.
Accepted references: Official website or legal act
Evidence
3. Cybercrime Service (Serviciul de combatere a criminalităţii informatice)
It carries out investigative and criminal investigation activities to combat cybercrime with electronic means of payment, crimes against data confidentiality and integrity, information systems and child pornography.
There are 4 offices in the service (the Office for Combating Cybercrime and Payments, the Office for Investigation and Research of Computer Systems, the Office for Investigating Crime against Information Systems, the Office for the Investigation of Child Pornography Infringements by Computer Systems).
-
11.3. Digital forensics unit 3/3
Requirements
Criteria: There is a government entity with a specific function of digital forensics.
Accepted references: Official website or legal act
Evidence
https://www.politiaromana.ro/files/userfiles/politia_romana_/organigrama_ic.jpg
Serviciul 1, Serviciul Expertize Criminalistice, Laborator IT
https://b.politiaromana.ro/ro/structura/servicii-centrale/serviciul-criminalistic
-
11.4. 24/7 contact point for international cybercrime 2/2
Requirements
Criteria: The government has designated an international 24/7 contact point for cybercrimes.
Accepted references: Official website or legal act
Evidence
https://rm.coe.int/cyber-list-of-competent-authorities-september-2021/1680a3aaae
Service for Combating Cybercrime Directorate for the Investigating Organised Crime and Terrorism (DIOCT) within Prosecutor’s Office attached to the High Court of Cassation and Justice;
Romanian National Police Service for Combating Cybercrime Directorate for Combating Organised Criminality
-
-
12. Military cyber operations 6/6 100%
-
12.1. Cyber operations unit 3/3
Requirements
Criteria: Military forces have a unit (cyber command, etc.) that is specialised in planning and conducting cyber operations.
Accepted references: Official website or legal act
Evidence
https://www.cybercommand.ro/pages/organizare
Cybernetic Defense Command (Comandamentul Apărării Cibernetice)
https://www.cybercommand.ro/pages/legislatie
Regulations pertaining to the activities of the Cyber Defense Command
-
12.2. Cyber operations exercise 2/2
Requirements
Criteria: Military forces have conducted a cyber operations exercise or an exercise with a cyber operations component in the country in the last 3 years.
Accepted references: Exercise document/website or press release
Evidence
https://certmil.ro/exercitiul-cyberman-2022/
CyberMAN 2022 exercise
-
12.3. Participation in international cyber exercises 1/1
Requirements
Criteria: The country's military team has participated in an international cyber operations exercise in the last 3 years.
Accepted references: Exercise document/website or press release
-
Information Disclaimer
The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.