NATO treats cybersecurity as a core element of its collective defence and deterrence strategy, Ioan C. Bacivarov, president of the Romanian Association for Information Security Assurance (ARASEC), said on Thursday at a specialised event.
He emphasised at the opening of the event that cybersecurity has evolved from a technical concern to a fundamental pillar of global stability.
"The modern threat landscape is more complex than ever, shaped by geopolitical tensions, AI-based attacks, and an expanding digital ecosystem that blurs the line between personal, corporate, and national security. In the current international circumstances, NATO treats cybersecurity as a central element of its collective defence and deterrence strategy," Bacivarov said.
According to him, organisations face a dual challenge: defending against increasingly sophisticated adversaries while maintaining trust, confidentiality, and operational resilience.
"The rise of generative AI threats, deepfake technology, and quantum computing redefines what it means to be 'secure'. Meanwhile, human factors - awareness, behaviour, and ethics - remain the most critical layer of defence," the ARASEC president said.
He stated that decision-makers must collaborate constantly.
"The path forward requires collaboration, transparency, and continuous innovation. Cybersecurity is no longer just an IT problem - it is a shared responsibility between sectors, governments, and individuals. Together, we must move from reactive defence to proactive resilience, building a safer digital future for all," Bacivarov added.
Roxana Morea, adviser at the European Commission Representation in Romania, briefly presented the EU measures on cybersecurity and stability and highlighted that the EU approach is guided by four principles: prevention, detection, response, and deterrence.
She referred to the NIS2 Directive, which helps raise the overall level of cybersecurity in the EU. "It extends the scope of the original NIS Directive to a wider range of operators, including medium and large companies across sectors such as energy, transport, banking, healthcare, drinking and wastewater, digital infrastructure, public administration, and waste management," Roxana Morea explained.
According to her, the EU Cybersecurity Act provides a certification framework and strengthens the cybersecurity agency, ENISA, complementing the directive on network and information system security. The Cyber Resilience Act also introduces mandatory cybersecurity requirements for hardware and software throughout their lifecycle.
Another law, the Cyber Solidarity Act, reinforces EU solidarity and coordinates actions for detecting, preparing for, and responding to increasing cyber threats and incidents via the European Cyber Alert System, a network of national and cross-border operational security centres that detect, analyse data and information about threats and incidents, and provide timely alerts.
The EU has also integrated two networks to manage cyber crises: EU-CyCLONe (European Cyber Crisis Liaison Organisation Network) and CSIRT (CSIRTs Network). The first is a cooperation network between national authorities responsible for managing cyber crises, and the second is made up of teams responding to computer incidents.
Additionally, the Commission works to deter cybercrime through its cyber defence policy and cyber diplomacy toolkit.
Meanwhile, Constantin Viorel Marian, vice-president of IEEE Blockchain Group Romania and professor at Politehnica University Bucharest, said educational programmes need to be future-oriented and keep pace with cyber threats. "We must adapt security and AI programmes while also integrating automation, which often occurs in cloud infrastructure," he explained.
Danut Turcu, head of department at the National Defence University Carol I, discussed curriculum adaptation. "At the National Defence University, we train staff officers and future leaders, not engineers. Mid-career, good engineers, even in the cyber field, can take courses at the Defence University. We work according to the digital transformation strategy we began implementing two years ago, focusing on interdisciplinary education, practical training, and simulation. We also consider research and development, leadership training, and continuous learning and adaptation," Turcu said.
Carmen Cirnu, scientific director at the National Institute for Research and Development in Informatics - ICI Bucharest, emphasised that AI-based solutions are becoming essential for cybersecurity due to advanced threat detection and response capabilities.
According to her, more than half of companies seeking cybersecurity specialists face major difficulties finding qualified personnel. "Moreover, between 70% and 80% of employees with cybersecurity tasks lack formal qualifications or certified training," the ICI Bucharest representative stated.
Cirnu added that AI can enhance human capabilities and enable more robust and resilient cybersecurity infrastructures.
"Integrating this technology into cybersecurity not only improves response times but also increases overall defence effectiveness. It can ensure that digital infrastructures remain secure against the threat landscape, partially compensating for the lack of qualified personnel. This is why universities' study programmes and their continuous updates are essential for advancement in the field," she emphasised.
Claudia Nicolae, director general at AGERPRES National News Agency, highlighted that attacks in the media occur in two forms: technical and narrative.
"Cyberattacks attempt to compromise systems or extract data. Narrative attacks seek to distort facts, manipulate perception, and exploit societal vulnerabilities. For us, these are operational risks affecting public trust in real time," Nicolae said.
She argued that media professionals need three skill sets to combat disinformation: analytical, digital, and situational.
"Journalists must verify data from multiple sources, understand how content is falsified, and identify narrative patterns used in influence operations. They must also understand algorithms, how cyber incidents unfold, and how metadata and geolocation support verification. Finally, they must work under pressure, identify coordinated inauthentic behaviours, and understand how hybrid threats combine technical gaps with psychological operations. These skills are no longer optional. They define professional journalism in a high-risk information ecosystem," the AGERPRES director general added.
Emanuela Savu, director general at the Romanian Banking Institute, said banking and financial professionals must develop a combination of technical, analytical, and regulatory skills to protect institutions from increasingly sophisticated cyberattacks.
These skills include cybersecurity and threat awareness, data protection and privacy, regulatory expertise and compliance, risk management and operational resilience, digital and cloud infrastructure, data analysis and monitoring, and cross-functional communication and crisis management.
Dan Draghia, expert at the European Institute in Romania, identified three main difficulties in cybersecurity: workforce shortages and skills mismatch; uneven implementation of EU directives at the national level; and fragmented education, training, and interoperability across member states and the EU level.
ARASEC and the European Commission Representation in Romania are organising CyberCon Romania 2025 on Thursday and Friday in Bucharest, dedicated to research and the exchange of best practices in cybersecurity. The conference is supported by the US Embassy in Romania.
CyberCon Romania 2025 is part of the events organised this autumn in Europe as part of European Cybersecurity Month, the annual campaign promoting awareness and best practices in cybersecurity across EU countries.
Comentează