Cyber-security maturity in some critical infrastructure operators, especially in the area of healthcare, is relatively low in Romania, but we are talking about a somewhat waidespread situation at the level of the European Union (EU), Dan Cîmpean, director of Romania’s National Cyber Security Directorate (DNSC), told a specialist conference on Friday, write Agerpres.
„We are witnessing a diversification, first of all, of the formats and ways in which these critical infrastructures are thought out, designed, implemented, and managed. We are obviously witnessing an increase in their complexity, first of all from a technical point of view, an increasingly higher interdependence in which virtually no operator, no critical infrastructure administrator, in isolation, can solve all the vulnerabilities, all the incidents, all the problems they face. Given various categories of actors that are involved, in the field of healthcare in particular , we are the regulatory authority in the area and we have practically hundreds of hospitals, hundreds of clinics, a lot of pharmacies. We are witnessing critical infrastructure operators, especially in the area of healthcare with a low level of information security, of cyber security, relatively low, which is not peculiar to Romania only. It is a somewhat widespread situation at the level of the European Union. The healthcare area is not the active, mature and efficient student anymore. We can see too often, in my opinion, a lack of understanding of the subject of cyber-security and awareness on the part of the management of such organisations, too little understanding of their legal obligations, most of the time of the complexity and magnitude of the challenges they face,” said Cimpean.
He added that old infrastructures are another problem area, as well as the shortage of cyber-security special staff.
„Starting from this insufficient awareness, we are witnessing outdated, unoptimised infrastructures of a spaghetti type of architecture in which they have brought and kept adding layers upon layers of new technologies, new systems, with too little attention to security at the time when they designed and implemented them. Above all, we are witnessing a critical lack of experienced and specialist personnel in the institutions, public or private actors, who must deal with critical infrastructures,” added Cimpean.
Infrastructure management professionals, security experts, decision-makers and industry leaders on Friday participated in a conference on critical infrastructures.
