Romania recorded a “spectacular rise” in the number of cyberattacks aimed at its infrastructure shortly after Russia’s invasion of Ukraine, the country’s chief national cybersecurity official told POLITICO.
At one point, four days after Russian troops entered Ukraine, Romania’s cybersecurity authorities saw an increase in cyberattacks by roughly 100-fold, according to the director of the country’s National Cyber Security Directorate (DNSC), Dan Cîmpean.
The authority found that a vast majority of the IP addresses where the attacks originated were from Russia, while some were traced back to the U.S. and European countries. When the agency published a list of the attacks’ IP addresses, however, the attacks died down.
“It’s like a game of cat and mouse,” said Cîmpean.
The attacks on Romanian targets are significant because they represent a test case of cyberattacks happening on European soil that are linked to the invasion — something cyber experts call “spillover” of the war.
EU and NATO officials are concerned about this effect and fear Moscow could use its hacking groups to disrupt the Western response to the war. In turn, these cyberattacks could force Western governments to respond and get involved in the armed conflict.
For their part, European authorities in past weeks have warned about an increased risk of cyberattacks from Russian actors, but they have also stressed that Europe hasn’t yet seen a substantial increase in the number or in the severity of the attacks on its networks.
Cîmpean confirmed that assessment, saying there’s “no exponential growth in incidents at European level” and that the level of cyberattacks is “constant, sustained.” Romania, with its higher levels of attacks in those first days of the conflict, is an exception.
Meanwhile, Cîmpean sees European authorities “at a high level of alertness due to the events in Ukraine.” But he warned that the often under-resourced cybersecurity agencies and Computer Emergency Response Teams (CERTs) will have a tough time as the crisis drags on.
Being on alert “is the new normal,” he said, warning that it’s “extremely difficult to maintain technical teams at a heightened level of attention over a long period of time.” And the fact that attacks came from IP addresses in Russia doesn’t confirm a link to Russia’s government or command, he noted.
As part of its response, Romania has offered cybersecurity support to Ukraine in partnership with Bucharest-based antivirus company Bitdefender, Cîmpean said. The government has also proposed making experts and technology — such as analysis or hacking identification tools — available if needed.
The country is part of an EU “rapid response team” of a dozen cybersecurity experts that has been mobilized to support Ukrainian authorities in defending networks.
For now, Romania is “waiting for concrete proposals from Ukraine,” Cîmpean said. But cybersecurity might be “the least of their problems at the moment,” he added.
Laurens Cerulus contributed reporting.
This article is part of POLITICO Pro
The one-stop-shop solution for policy professionals fusing the depth of POLITICO journalism with the power of technology
Exclusive, breaking scoops and insights
Customized policy intelligence platform
A high-level public affairs network