In the 21st century, when large financial institutions operate with digital data, most of the threats come from the cyber environment. Today we discussed cyber security and international best practices. Dinu ŢURCANU – Vice-Rector for Informatization, Partnerships, Institutional Image and Communication, UTM, and Donald Andy PURDY – Chief Security Officer, Huawei Technologies USA, who came to Moldova to participate in Moldova Cyber Week: Regional Cyber Security Forum, have discussed, at TVR, in the show “Obiectiv Comun” (Common Objective), what is cyber security: a concern for any smartphone owner, or just a concern of companies specialized in this field?
– Today, cyber security is an extremely important concern for both companies and individuals. A week ago, several companies in the Republic of Moldova were subjected to cyber incidents, with the violation of the e-mail service, messages being sent on behalf of their directors, after which the accountants made money transfers to the name indicated in the messages – in fact, the attackers of the respective systems. In other words, there is a growing awareness of the danger of cyber incidents, and people in the respective companies have undergone important trainings and mentioned that they will participate in events on this topic, one of which is Moldova Cyber Week, to minimize the risks of cyber attacks / incidents and to be as protected as possible, said UTM Vice-Rector Dinu ȚURCANU.
In the case of the Republic of Moldova, we are somehow accustomed to cyber security vulnerabilities, but is cyber security a challenge for the great powers of the world, such as the US, too?
– As we increasingly depend on information and communication technologies, it is important in our digitized societies to recognize the value of cyber security in terms of confidentiality, integrity and availability of information, so that we all act responsibly in the cyberspace. That is, if we are to refer to the cyber security strategy in the Republic of Moldova. Many nations in the world are developing such strategies. This initiative also involves working with other states on sharing information on various threats, so that we are all prepared for it. It is, first and foremost, about risk management, because we cannot eliminate all risks. It is very important for states, individual organizations, for key sectors, such as communications and mobile telephony, to understand what are the best practices in the field and to develop compliance programs, so that clients – companies, states – understand to what extent major service providers are addressing these risks, so to be sure that the services provided at government or private level will be at an appropriate level.
How does the communication between the private environment, authorities and academia / university centers in the creation of tools to combat cyber attacks take place in the Republic of Moldova? A good example in this regard is the Moldova Cyber Week event, organized by STISC, in partnership with the MAE, but also with UTM, which shows that the partnerships in the IT and Cyber Security domains go one step further. On the other hand, companies both within the ATIC and those present on the market of information technology and cyber security actively collaborate with the academic environment, where in fact the specialists who will be later employed in the field and who will subsequently provide IT and cyber security services are trained. If we are to refer to the government factor, the central administration, in collaboration with the Information Technology Service, carries out trainings for the employees of the government institutions, including for the non-IT staff, to increase their digital competences, talking about the risks of cyber security incidents that they may face daily, starting from corporate emails, social networks they have on their mobile phones or connecting to the internet at home from a device from the workplace, especially with very sensitive information, as the process can be insecure, thus causing information to leak. In this regard, the collaboration between the academic environment, private companies and government institutions is undergoing a rapid evolution, and we, at UTM, as the only institution of higher technical-engineering education, strive to be as close to this environment as possible.
Starting from the necessity of adopting and strengthening the legislative framework, Republic of Moldova having a 2019-2023 strategy, the question arises: how profitable are these laws and to what extent do they offer all the necessary tools to combat cyber incidents?
The legal framework we have is directed to the everyday reality, establishing all the necessary directions and actions that all parties must implement to strengthen their joint actions aimed at reducing the risks of cyber attacks or accidents. In the IT field, but also in other areas, the first and most important issue in this regard is the human factor, which is the key element in everything we call cyber security. Hence why some strategic elements of these projects and legislative acts include training and improving the information culture of all employees of various state institutions in order to successfully implement these plans.
Cyber dangers have come to affect not only privacy but also public image. In recent years, I have witnessed several election campaigns in different countries, in which cyber attacks have been involved. This is why the issue of international security and its importance arises.
– Much work is being done on the development and strengthening of internationally recognized standards, said Donald Andy PURDY, American guest. The company I run, but also other companies around the world are actively involved in this direction, as well as the EU, which work on risk assessment, initiate studies and global standards, collaborative schemes between various international bodies, offer recommendations for mobile operators, as well as for equipment providers, reaching the common objective and transparency that gives us confidence in these products.
To what extent does the Republic of Moldova cooperate with other states of the world on cyber security and how is it positioned on this global map?
Collaboration with the states of the world is very important for us, since we are dealing with the issue of international standards. The experience of big companies or countries of the world that have best practices in the field of information security exempts us from starting from scratch. We should import and implement these practices.
Moldova Cyber Week brings together over 400 registered participants with over 50 international speakers from the countries we work with – from EU, US, CIS etc. This collaboration has created reliable connections between the representatives of the academic environment, as well as of the central, governmental institutions, from whom we expect opinions and assessment regarding the implementation of these practices in our country.
Donald Andy PURDY is excited to participate in this important Cyber Security Forum, which has gathered renowned national and international experts and is enjoying worldwide recognition.
Currently Chief of Security at Huawei Technologies USA, formerly Donald Andy PURDY was primarily responsible for the cyber security of the US government in 2004-2006. Prior to joining the Department of Homeland Security, the expert was a member of the White House staff, where he assisted in the development of the US National Strategy for Cyberspace Security (2003). He also occupied the position of co-chair of the national intervention group for preparation and handling cyber incidents of national importance.