Dan Cimpean, DNSC: “Romania is missing 3,000 cybersecurity experts”

“One of the major concerns we have in terms of cybersecurity risks noted is related to the supply chain, in particular when it comes to new technologies adopted at an accelerated pace. The cyber-attacks are increasing exponentially. New technologies are not 100 percent risk proof. They are a bit rushed into the market because we need them especially during the pandemic. The businesses need them, the users need them,” Dan Cimpean, Acting Director Romanian National Cyber Security Directorate (DNSC) said during Digital Transformation Conference in Telecommunications 2021.

“My job is to worry, and I’m worried about risks coming from third-party service providers or vendors. I also worry about some poor information security practices by lower-tier suppliers. I worry about compromised software or hardware. There are many cases, known or unknown, where software or hardware components were embedded in current offerings without knowing that pieces of malicious code are running on those components. This risk is increasing lately whether is driven by criminal networks, rogue suppliers or even governments. Then I worry about traditional software security vulnerabilities that stay undetected simply because the solutions providers don’t have enough workforce to test it properly.

Telecom providers, regulators, cybersecurity specialists all get sometimes surprised by the speed of digital transformation, by new technologies popping up and being deployed immediately on the market.

The speed of digital transformation during the pandemic accelerated seven times faster than on normal years. It’s very difficult to tackle the phenomenon of cybercrime, to reduce the risks, to diminish the number of vulnerabilities. It’s a very complicated picture at this stage.

We see a strong resilience in Romania, and we didn’t have a major cybersecurity incident at national level. To limit those threats, to address this challenge, we need a lot more dialogue and we need to work together. There isn’t enough debate on deep technical level between regulators, national competent authorities, telecom providers, technology providers, and security experts. We need to work on a more agile, flexible framework to discuss openly about risks involved and how to address the challenges we detect.  

We cannot hide from the risks we are dealing with. It’s important to talk about risks within the organizations and acknowledge them.

Luckily, we still have enough brains produced by Romanian universities to ensure the expertise we need to tackle these cybersecurity issues. We must take measures to keep this pool of talent going on year after year. Last year we estimated a gap of 2,200 cybersecurity experts at Romania’s level and that gap has increased this year. We are now missing close to 3,000 cybersecurity experts according to estimates from the Directorate. The key to success in tackling cybersecurity threats is to have enough brains, experts, and human capabilities.”

Full recording of the event here