Romania’s cybersecurity leadership: How a Black Sea nation may become a strategic ally of the U.S.

In today’s context of the Ukraine invasion, “the world’s first full-scale cyberwar,” the changing nature and number of cyber incidents makes cyberspace protections an essential matter of global security. Cyber threats must be treated as a geopolitical and national security priority and backed by NATO and the European Union. Moreover, as Washington is crafting its first Black Sea Security Strategy, U.S. policymakers must address cybersecurity, too. Following the recent trends opens a new space of both threats and opportunities, and most notably Romania could play a particularly consequential role in protecting cyberspace and enhancing cyber resilience.

Cyber warfare is no longer separated from traditional domains like air, sea, land and space. Starting with the 2010s, NATO member states of Central Eastern Europe countries included cyber defense into their national security strategies. And more recently, since the COVID-19 pandemic outbreak, the Russian invasion of Ukraine, and the NATO Madrid Summit earlier this year, cybersecurity became an important priority as more sophisticated attacks targeted national critical infrastructure, government agencies and private institutions. 

Driven by such increased global threats, Romania has become one of the most competent NATO members in terms of cyber capabilities. First, Romania has an extensive pool of cyber talent and a proactive governmental approach to further develop the Information Technology & Communications sector. Despite being the EU’s second poorest member by Gross Domestic Product, Romania leads Europe and ranks sixth globally in certified information technology workers per capita. Moreover, Romania ranks first in the EU by the number of IT freelancers and third by the number of women within the Information Technology & Communications domain. With one of the fastest growing economies in the EU, Romania’s IT&C sector accounted for almost 7 percent of the country’s 2021 GDP, up from 6 percent in 2018.

In the area of cybersecurity, Romania has already been leapfrogging (Romania also holds the world’s seventh and EU’s second high-speed development of broadband) and has proved to be a fertile ground for fast, new developments.

While the broader categories of research, development and innovation are quickly expanding in Romania, the fastest developing segment of Romania’s IT&C sector remains outsourcing. Romania ranks third in terms of software exporters after India and China. Such developments alongside an established Western-like work culture, have made Romania an attractive destination for top-ranked international IT companies from the U.S., UK, Canada, Israel, India and others. 

This international recognition comes after years of efforts to uncover and neutralize very malicious and some very famous (like Guccifer) hackers or more recent Internet crime networks and ransomware.

Secondly, cybersecurity has become a major national security interest for Romania. Beyond its internal needs and existing capabilities, and given its geostrategic location in Southeast Europe, Romania’s capabilities in cybersecurity provide opportunity for the country to become the leading regional security provider in the Western Balkans and Black Sea region. To further this capacity, the Romanian Government established the National Cyber Security Directorate in September 2021. The NCSD replaced the decade-old U.S.-backed initiative of the “Romanian National Computer Emergency Readiness Team” and aims at positioning Romania as a regional if not global leader in cybersecurity. Additionally, the NCSD complements the Romanian Cyber Command, the military cyber unit which operates within the Ministry of National Defense and was launched in 2018.

Romania has become part of various supra-national cybersecurity initiatives and has tried to place itself as a major actor in the field. Notably, in 2019, Romania became the first country to join the Clean Network Alliance of Democracies on 5G security cooperation, an initiative spearheaded by Keith Krach, former U.S. Under Secretary of State. The United Nations Group of Governmental Experts is another structure where Romania is continuing to play an important role where alongside with other 24 nations, it is working to advance “responsible State behavior in cyberspace in the context of international security.” 

Previous engagements include NATO’s Ukraine Cyber Defense Trust Fund (2014) and the Multinational Cyber Defence Capability Development Project, which it co-founded in 2013 with Canada, Denmark, the Netherlands and Norway. Looking forward, transatlantic security experts are suggesting that Romania should host a regional operational hub to coordinate NATO, the EU and the Three Seas Initiative’s efforts in hybrid domains (cyber and information operations).

Such developments have been consolidating the leadership and commitment that Romania has undertaken within NATO in recent years.  From burden-sharing, the increase from 2 percent to 2.5 percent of GDP for defense spending, to hosting joint military exercises or the modernization of the Mihail Kogalniceanu and Câmpia Turzii Air Bases, Romania is setting the stage to become a true regional security powerhouse. 

For Romania, elevating cybersecurity on the transatlantic agenda and fortifying initiatives in this area must be a top priority and could be a major achievement. Additional areas to include should be the adaptability of Romania’s legal, technological and talent resources to the changing cyber and conventional threats in its environment, while also including broader issues of cyber hygiene and trust among Romanians when using electronic services.

Similarly, more strategic thinking needs to be put into the protection of non-military infrastructure such as energy and utilities, healthcare providers, and small businesses.

To further sustain its commitment to the transatlantic cybersecurity partnerships, Romania in May 2021 launched the Euro-Atlantic Centre for Resilience with the stated mission to “promote NATO and EU objectives in the field of resilience (and sustainability of transatlantic) and will facilitate a comprehensive response at governmental level and society level.” This initiative followed the December 2020 decision of the EU to entrust Romania with the new European Cyber Security Competence Centre seeking “to increase Europe’s capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity community.” The new centre will play a crucial role in driving the EU’s cybersecurity agenda. This historical event was commended by the U.S. Department of State, too.

As hybrid activities from Russia are escalating, with the right policies plus NATO and EU support, Romania could pioneer cybersecurity projects that would increase its safety, expand its cooperation abilities with allies and inspire its regional neighbors and Western partners alike.

Now is the time for Romania to step up and lead for the good of the country and beyond — to once and for all reach its potential in this field and thereby solidify its leadership in Western Balkans and Black Sea region. And the U.S. should base its policy on his trusted ally, Romania.

Dorin Munteanu is the Co-Chair of the DC Cyber Task Force at the Romanian-American Chamber of Commerce in Washington, D.C. and an Advisory Council Member at Krach Institute for Tech Diplomacy at Purdue University. Dan Cimpean is the Director of the Romanian National Cybersecurity Directorate and a Founding Member of DC Cyber Task Force at the Romanian-American Chamber of Commerce in Washington, D.C.