CERT-RO organized at Cluj-Napoca the second workshop in the eCSI project

On Thursday, 16 may 2019, CERT-RO organized the wokshop: “Specific ways to improve cooperation and information exchange on cyber-security alerts” in Cluj – Napoca.
The event brought together 30 representatives from the public and private sector, representing the second workshop organized within the “Enhanced National Cyber Security Services and Capabilities for Interoperability (eCSI)” project.
In this workshop, our cyber security experts presented the stage of the eCSI project and the interconnection methods to the National Cyber Security Platform(NCSP) developed within the project, in the context of the implementation of the NIS concepts and mechanisms.
Also, the threat information sharing platform (Malware Information Sharing Platform – MISP) was presented, hands-on exercises were conducted, and the taxonomy proposed by CERT-RO to be used at national level was discussed.
The eCSI project, co-financed 75% through the CEF Telecom Program, aims to extend the operational capabilities of CERT-RO and the cyber security services it provides at national level, thus allowing CERT-RO to interconnect to the cooperation mechanisms of the European Union. The services will ensure compliance with the requirements of EU Directive 2016/1148 “NIS DIRECTIVE”, transposed by Law 362/2018 “a high common level of security of network and information systems”.

CERT-RO finalizes cyber security training sessions organized within the eCSI project

CERT-RO has organized a series of cyber security training sessions dedicated to managers and IT staff (network and system administrators) from public institutions in Romania, aiming to raise their awareness and cybersecurity knowledge. The activity was part of the project “Enhanced National Cyber ​​Security Services and Capabilities for Interoperability (eCSI)” having as main objective to contribute to the strengthening of the cybersecurity level of public institutions in Romania.

More than 40 managers from public institutions were trained during the two sessions dedicated to this category which took place between 18-21 and 25-28 of March 2019.

Subsequently, the dedicated sessions for IT staff (network and system administrators) took place between 1-4 and 9-11 April 2019 having 40 attendees.

The training sessions provided information on technical and organizational requirements to ensure a high level of common cyber security in accordance with the legal requirements (e.g. EU Directive 2016/1148 “NIS DIRECTIVE”, transposed by Law 362/2018 “On a high common level of security of networks and information systems”) and included topics such as risk management, protection methods, legal framework, cooperation in response to cyber security incidents as well as incident reporting, the classes comprising both theoretical and practical elements.

The eCSI project, co-funded 75% through the CEF Telecom Program, aims to extend CERT-RO’s cyber security capabilities and services that the institution provides at national level. The implementation period of the project is 2 years (1 September 2017 – 30 August 2019).

eCSI intermediary conference

Yesterday, more than 90 specialists attended “The eCSI Project: Further Steps for Enhanced Cyber Security Services” where the current stage of the project “Enhanced National Cyber Security Services and Capabilities for Interoperability – eCSI”, implemented by CERT-RO was presented.

The event was marked by the presence of cyber security experts, decision-makers in the political environment and representatives of public and private companies.

Mr. Ionuţ-Andrei Valeriu, State Secretary within the Ministry of Communications and Information Society, highlighted the importance of the project for the Ministry of Communications, in light of the services developed by CERT-RO, meeting the requirements for increasing incident prevention and management capacity at national level, as well as participation in the EU-wide unitary ecosystem for incident response.

CERT-RO General Director, Mr. Catalin Aramă, pointed out the importance of cooperation in the field of cyber security, the role of Europe’s Interconnection Mechanism and the role of the NIS Directive, in providing a cyber security environment.

The main topics discussed at the conference were:

  • CERT-RO mandate and the NIS Directive
  • Presentation of the project current stage “Enhanced National Cyber Security Services and Capabilities for Interoperability – eCSI”
  • National Cyber Security Platform Demo (NCSP)
  • Cyber security courses dedicated to managers and technical staff in public institutions

CERT-RO launches the Enhanced National Cyber Security Services and Capabilities for Interoperability eCSI project

The eCSI Project: Roadmap to Enhanced Cooperation in Cyber Security event is held today, February 14 at the Impact Hub in Bucharest. The event marks the launch of the Enhanced National Cyber Security Services and Capabilities for Interoperability – eCSI project, implemented by CERT-RO. The Secretary of State in the Ministry of Communications and Information Society Ms. Manuela Catrina and the General Director of CERT-RO, Cătălin Aramă, held the opening adress. The subsequent discussions were moderated by the Deputy General Director of CERT-RO, Mircea Grigoraș.
The eCSI project, co-financed through the Connecting Europe Facility Europe Facility (CEF) Telecom Work Programme 2015 (C(2015) 7381), benefits from a 869.000 euro grant and aims to extend CERT-RO cyber security capabilities and services it offers at a national level. The project will connect CERT-RO with the European cooperation platform and contribute to the compliance process mandated by the EU Directive on Security of Network and Information Systems (NIS Directive). The implementation phase will be two years long.
The project kick-off event aims to facilitate dialogue with cyber security specialists from companies and institutions under the NIS umbrella. It specifically fosters concrete means of cooperation in information and data exchange platforms, data formats and interfaces, as well as recommended software tools.
The event will gather representatives from NIS-specific national authorities and companies, internet service providers, academia and cyber security specialists.
Person of contact: Cătălin Pătrașcu – Project Manager (tel. no. 031 6202187, fax 031 6202190, e-mail catalin.patrascu@cert.ro)

Dissemination & Cooperation

Under this activity, the results of the action will be disseminated to cyber security stakeholders in Romania (such as cyber security authorities, public institutions, private organisations in different economy sectors, internet service providers, academic sector, mass media and citizens) and at the European level through various communication channels, conferences and workshops. The aim of the activity is to enhance cooperation at national and European level and to contribute to the development of the European cybersecurity information sharing community. This activity will also include the planning of the sustainability of the action. Dissemination and communications activities will include three conferences, two workshops and meetings; press releases; social media communication, CERT-RO website announcements; and promotional materials. Dissemination will target cyber security authorities, public institutions, private organisations in different economy sectors, internet service providers, academic sector, mass media and citizens.

Press release: CERT-RO organizes the first eCSI workshop

Today, June 29, 2018, the first workshop of the project “Enhanced National Cyber ​​Security Services and Capabilities for Interoperability – eCSI” was held in Constanta.

 

More than 40 representatives from the public, private and academic environment discussed the best interconnection methods at the National Cyber ​​Security Platform developed within the project. The capabilities developed will allow for the interconnection of the CERT-RO platform with the European-developed cooperation platform and will help ensure CERT-RO compliance with the requirements of the NIS Directive.

 

At European level, EU Directive 2016/1148 (NIS Directive) seeks to ensure a high common level of security in the Member States, both through European cooperation mechanisms and by imposing an obligation on Member States to have a suitable regulatory framework for to ensure that incidents are notified and minimum security measures are taken by service providers in seven key sectors and by digital service providers. The seven key sectors are: Transport, Energy, Drinking Water, Infrastructure of the Financial Market, Banking, Medical, Digital Infrastructure.

 

In this context, the eCSI project, co-financed 75% by the European Interconnection Mechanism (CEF Telecom), aims to extend CERT-RO’s cyber security capabilities and cyber security services at the level of national network by developing a National Cyber ​​Security Platform that will connect the public and private organizations in Romania and the establishment of a Call Center on Cyber ​​Security and a Malware Investigation and Investigation Laboratory.

Joint Cybersecurity Trainings

This activity will provide cybersecurity trainings for managers and IT staff (network and system administrators) from public institutions in Romania, aiming to raise their awareness and cybersecurity knowledge. The activity will contribute to the strengthening of the cybersecurity level of public institutions in Romania. A training room will be set and equipped with 20 mobile workstations (laptops) capable of running virtual machines and having installed a series of software tools/products needed for training sessions. A number of 20 people can be trained simultaneously, each of them having their own training toolkit (laptop and specialized software). CERT-RO will develop it’s own training curricula and materials for the training sessions dedicated to managers and IT staff from public institutions.

The Digital Forensics and Malware Analysis Laboratory

This activity aims at increasing CERT-RO’s technical capabilities and personnel expertise in the fields of digital forensics and malware analysis. To this end, a dedicated laboratory equipped with specialized toolkits and a sandbox platform for automation of malware analysis tasks will be set up. Moreover, CERT-RO personnel that will be responsible for Digital Forensics and malware analysis activities will be trained to acquire more specific expertise in these areas, especially in using that type of technology that will equip the laboratory.

National Call Center for Cyber Security(NC3)

This activity will enhance CERT-RO’s communication infrastructure by adding a call centre component (i.e. the National Cyber Call Centre – NC3) which will be used for processing cybersecurity notifications made by phone call.

The NC3 will ensure a 24/7 availability. The call centre will be available to all citizens, public and private organizations in Romania to report cyber security incidents. The service will be provided free of charges for the users (call charges may be applied by telephone operators).

By establishing the NC3, CERT-RO will meet the requirements imposed to national CSIRTs by the N1S Directive, namely: set-up of several means for being contacted and for contacting others (individuals, private and public institutions in the CERT-RO constituency and other entities that CERT-RO cooperates with, including authorities) at all times; high level of availability of communications services, adequately staffed to ensure availability at all times; monitoring incidents at a national level. In order to operate the call centre, staff with a medium IT and information security background and expertise will be recruited and trained.

The NC3 staff will consist of operators hired to this purpose that will work in shifts in order to assure 24/7 availability of the service.

NC3 is operational and available at:  031/62 02 180