Cyber resilience has to be a top component of Moldova’s National Security Strategy. Commentary by Natalia Spanu /// IPN.MD

„In the case of Moldova, it is important to have an active and cohesive cybersecurity vision that is integrated into the National Security Strategy (NSS) and responsible for developing cybersecurity activities on a joint basis, involving the private and the public sector for shaping the cyber policy narrative of the country…”

The regional and global security architecture are making it difficult to ascertain to fall out of events in the medium and long term; as the war in Ukraine, the global climate crisis and the uncertain global economic landscape are a sign that multiple crisis can hit any point in time. The current rise in inflation and heat waves are in indication that national security strategies for countries such Moldova need to become more comprehensive, resilient and systemic in nature.

As the global threats have multiplied and magnified beyond the conventional security threat’s perception, the current National Security strategic formulation cannot ignore the importance of inclusion of a national cybersecurity framework as part of Moldova’s national security architecture. All national security infrastructures and services need to inculcate a comprehensive cybersecurity component inclusion that establishes a range of national, regional and citizen level objectives and priorities as a key policy feature.

Why should we prioritize cyber security?

A common objective of a country’s security strategy is cyber, as cyber spans across all sectors and across all levels. Cyber security has been universally accepted as an integral part of all security mandates, as cyber functions span across the state, the economy and are integral to internal and external security parameters of any nation state. As internet enters into more houses with high-speed bandwidth, more users are utilizing the power of smartphones and more devices become digitally advanced such as television or washing machines. The data traffic is on an exponential rise. Thus, cybersecurity must be at the forefront of all digital discussions, as the exponential growth in digital devices and data generation and the accelerated use of technologies, such as artificial intelligence and machine learning, would make the devices much smarter and easier to use in near future.

Moldova’s new National Security Strategy, which is going to be drafted in the next months, must inculcate a collaborative vision to enhance cybersecurity as part of all its security initiatives, from threat information sharing to awareness raising. National Security Strategy (NSS) is advisable to have a collaborative and formal structures that must take the regional and sub-regional sharing and analysis of information from EU and the neighboring states Romania and Ukraine. Moldova must consolidate its cybersecurity capabilities to do more with the resources and thus the need to develop a comprehensive cybersecurity strategy with a multistakeholder engagement and public-private partnership (PPP) has become imminent with current regional and global challenges.

The National Security Architecture of Moldova and Cybersecurity

For Moldova, the NSS acts as the main go-to document and thus must set strategic principles, guidelines, and objectives and in special cases specify measures to integrate cybersecurity into national security planning documents and regularly conduct joint exercises with vital service providers, including senior leadership and national defense organizations. Political leadership must be in-line with Moldova’s cybersecurity risks and put in place measured to mitigate cyber risk on priority. For example, to strengthen critical infrastructure against various cyber threats and to uphold the trust of the citizens, the National Security Strategy (NSS) must propose a National Cybersecurity Law (NCL). The NCS Law would improve Moldova’s national overall security capabilities, enhancing the cooperation between the private and public sector, while also requiring Moldova to make sure that all ministerial departments and critical infrastructure services to report major incidents to national authorities and to adopt risk management practices.

In the case of Moldova, it is important to have an active and cohesive cybersecurity vision that is integrated into the National Security Strategy (NSS) and responsible for developing cybersecurity activities on a joint basis, involving the private and the public sector for shaping the cyber policy narrative of the country. The following are the six main arguments to make a national cybersecurity law (NCSD) as part of the National Security Strategy (NSS) for Moldova.

1. The global security architecture is getting digitally transformed. The war in Ukraine has made brought the reality of national governments to invest in protecting its critical cyber assets and citizens in particular. For Moldova, it is important to be self-reliant to fend off tens of cyberattacks from adversaries from simple – phishing emails to more sophisticated attacks targeting the nation’s most precious data infrastructure assets, such as electricity grids and public communication installations. For Moldova, protecting itself from federal agencies with big cyber infrastructure assets is not easy job, but an incredibly important one as more and more information goes digital. Thus, making cybersecurity Law as part of the National Security Strategy shall put to context the importance of useful and practical recommendations to protect the critical data for every citizen, financial data, information related to national security and every aspect of digital information.

2. Importance of Data Security as part of National Security. As the hackers have gotten more sophisticated so have the tools to stop them. To fight back, government must have basic cybersecurity tools. National agencies need to protect data at every stage of its life from the moment it is collected, to when it is transmitted, to where it is stored and finally until it is deleted. The National Security Strategy (NSS) for Moldova must highlight the challenge of data security as a key one. More importantly, intelligence and defense agencies need to keep information secured at all costs. For any federal government, keeping information secured can be difficult, but failure to do so can be catastrophic.

3. Creating an inclusive cybersecurity conscience as part of National Security thinking. National Security would be impossible to operate without an adequate cybersecurity law in today’s data and internet driven world. National Security Strategy of Moldova must incorporate coordination of governmental stakeholders, a comprehensive legal framework including cybercrime and the protection of personal data and formulation of technical and organizational measures and procedures that focus on hardware, software and physical spaces security in cyber terms. Inclusion of a National Cybersecurity Law shall present an adaption measure and all necessary structures and instruments and thus empower authorities to think and act in cyber terms.

4. E-governance demands implicit cybersecurity. Learning from the example of nation states such as Estonia, there is merit in implementing e-government systems as e-governance enhances service delivery, provides transparency and eliminates corruption as reduced information exchange takes place via human intervention. E-governance is effective in improving accountability and transparency of government systems thus building greater trust and citizen participation.

5. The EU National Security Directive from 2016 must serve as a relevant model for Moldova. The European Commission had adopted the Network and Information Security Directive (NIS Directive) in July 2016. The aim of the NIS Directive is to improve the EU Member States’ national cybersecurity capabilities, enhancing the cooperation between the Member States, the public and the private sector, while also requiring companies in critical sectors to report major incidents to national authorities and to adopt risk management practices. Thus, for Moldova, it would be important to develop and adopt its own notational cybersecurity legislation in order to work closely with the European Union (EU) and contribute effectively to a regional pan-European cyber security strategy. This is very much in the interest of Moldova under the current Russia – Ukraine war.

6. Artificial Intelligence and Machine Learning (AI / ML) as convoluted cyber-threats: It is also important to note that increasingly the newest cyber tools are using the power of artificial intelligence and machine learning (AI / ML) and thus it is becoming relatively difficult to stop  malicious actors in their tracks and prevent important and sensitive data from falling into the wrong hands. The NCSD would also help in identifying and stopping threats that are originating from the use of new age technologies and help in providing complete visibility with recommendations for proactive threat detection, real-time threat assessment and risk management in cyber world.

Instead of conclusions

The diversification of the digital technologies and its development will result in diversification of cyber-attack methods, means and targets and would require constant changes and adaptability in the possibilities for safeguarding cybersecurity. Digital dependence of Moldova would also increase and this would demand the state to work in close partnership with the private sector as much cybersecurity tools, audits and safeguards are with the private sector. In addition, the rise of e-governance services will impact all walks of life of citizens as all vital services such as water, electricity, housing and healthcare would get more and more dependent on information and communication technologies (ICT) and, therefore, digital basic infrastructure and its availability would remain a cornerstone of all national security strategy.

A NSCL is imminent as greater the digital footprint of citizens activities, greater the share of cyber offences as new means and methods for committing cyber-attacks arise. A cybersecurity strategy as part of the National Security Strategy shall impact the general digital security services architecture, improve upon the general population awareness and participation of citizens and create a good cohesive and trustful environment between the government and the private sector.

—

Natalia Spânu is the Executive Director of European Institute for Political Studies from Moldova (IESPM) and a cyber security expert.

—

This commentary is published within the project “Increasing the level of information and understanding of security and defense issues of the Republic of Moldova”, implemented by the Institute for European Policies and Reforms (IPRE) and Friedrich Ebert Foundation Moldova, in partnership with Zonadesecuritate.md and Zugo.md media platforms.