Олег Онопрієнко War 20 March 2025, 09:00

“Ukraine now has the largest cyber army in the world. The democratic world needs this experience.” Interview with a top Romanian cybersecurity official about Russian hackers, global cyber challenges, and Ukrainian realities

Hybrid threats, attacks on critical infrastructure, interference in electoral processes — all of these have become a reality of the modern world. How is Europe responding to these challenges, what can governments and businesses do, and what role does Ukraine play in cybersecurity?

dev.ua spoke with Dan Cimpean, Director General of the Romanian National Cyber Security Directorate, about cooperation between European countries in cyberspace, the importance of rapid information exchange and countering cyber threats. The conversation took place on the sidelines of the Kyiv International Cybersecurity Forum.

Who is Dan Cimpean?

Dan Cimpean is the Director General of the Romanian National Cybersecurity Directorate (DNSC), with over a decade of experience in cybersecurity and international cooperation in this field. He was the Chair of the Cooperation Group during the Romanian Presidency of the Council of the European Union.

«Ukraine and Moldova are candidate members, and we need to integrate them into a common cyberspace»

― At what stage is this cooperation between European Union member states in the field of cybersecurity now?

The reality is that cooperation already exists. It’s just a matter of making it more intense and faster.

We need to act together, initiate joint projects. In the past, coordination between countries, coordination of national cybersecurity bodies, and launching specific initiatives required significant efforts. Now is not the time — we live in complex times, where both the political landscape and technologies are changing extremely quickly, while mechanisms for international cooperation remain slow.

It’s not just about technical collaboration, where teams exchange signals about a potential cyber threat or attack. We need to create robust mechanisms for a joint incident response. If there is one attack, it’s likely that attackers will strike in multiple directions at once. We need a coordinated response.

For example, the Romanian Cybersecurity Directorate has joined the European Solidarity Mechanism. One of them is EU-CyCLONe, a network of cyber crisis management officers. Another is the CISR Network, a platform for response teams.

During the Romanian elections, when hacker attacks were combined with foreign interference, propaganda, and manipulation—mostly from Russia—it became clear that these mechanisms needed to be activated immediately. And they managed to do it in two or three days.

However, these mechanisms operate within the framework of the European Union, and we are not talking only about the EU. Europe is wider than the European Union. Ukraine and Moldova are candidate countries, and we need to integrate them into a common cyberspace, build coordinated support in a multilateral format.

― Which European countries are the biggest drivers in promoting cybersecurity at the supranational level?

Romania, Poland and the Baltic countries are very active in this direction, as they are on the front lines of the eastern flank of the EU and NATO. We have a critical mass of experts, companies, national cyber ecosystems, which allows us to effectively complement each other.

Discussing this with governments, national cyber agencies, and businesses, I see enormous interest in such a model of cooperation, and in particular, in integration with Ukraine and Moldova.

― What about large European powers such as France and Germany?

France and Germany are also very active, although due to recent political changes at the state level, their main cyber agencies are now working a bit slower, especially when it comes to reaction and response. But they have the capacity, the budget, the technical knowledge, the drive and the will to work and move forward in cooperation.

On the other hand, we see how these processes are taking place in the Baltic countries, Poland, Romania, we can act much faster, and, frankly, we are much more active. That is why we are here (at the cybersecurity forum) — to support, to cooperate.

«The EU currently lacks around 500,000 experienced cybersecurity experts»

― What was your reaction to the United States' ban on canceling the exchange of information with Ukraine regarding cyberattacks and conducting all cyber offensive operations against Russia?

Honestly, it is difficult for me to comment, because I do not know what information was transferred to the Ukrainian authorities. We do not have such details. But I sincerely believe that any disruption of the exchange of information between the countries of the democratic world, us and Ukraine, which is waging a war for survival, can only harm. Ukraine is fighting for its own territory, for its own independence, for its own sovereignty, and such actions are counterproductive.

― It also means that in the future there is a possibility that this could happen, for example, to your country, and that the US is not such a reliable partner.

In my opinion, this development encourages the creation of alternatives.

It is good practice to have alternatives, to ensure multilateral exchange of information, especially in the field of cybersecurity. After all, this is one of those industries where there is no need to physically move resources. This is not military equipment that needs to be transported across the border — everything is available just a click away.

All you need to do is exchange information and you can be present and support your friends, allies and partners 1,000 to 2,000 kilometers away, without even having to send teams of specialists to the place. And this is one of those areas where it will be easier for us to continue and expand our cooperation.

― Yesterday, Dr. Josef Schroefl, during his speech at a cyber forum, stated that the Russian Federation, Iran, China, and North Korea are on the verge of dividing up the spheres of attack in cyberspace among themselves. How should the Western world react to this?

Cyberwarfare, information warfare, is a battlefield. It is part of the hybrid world. It would be naive for democratic countries to think that without efforts in this direction, without information exchange, without discussion of best practices, without training and without capacity development, we will have a good chance in battle.

I mean, you have to build an environment, you have to demonstrate strength, and the only way to do that is to work together. It’s simple. And we have to be prepared for the fact that malicious state actors will also work together.

― It seems that democratic societies are not as flexible in responding to new challenges as autocratic regimes. Is this a common shortcoming of all democracies, or will there come a time when democratic procedures will have to be circumvented in order to make quick decisions?

I’m not a lawyer or a legislator, I’m a technical person, but I know that countries that respect the rule of law, that promote democratic values, want to do this legally. I mean, you have to have the right laws and regulations before you do something, so that everything is in accordance with the letter of the law.

On the other hand, we see, particularly in the case of cybercrime, that state actors with malicious intentions do not respect any rules.

Romania is one of the few countries in the European Union to have passed a law banning the use of Russian software in Romanian government agencies, effective from 2022.

The paradigm shift is that we need to get these rules in place much faster. It’s not going to take a whole year to get these rules in place. We need to decide, agree, reach consensus, and get these norms and rules in place in a matter of weeks right now. So we need to move much faster.

― And I also want to ask about the Romanian training of cybersecurity specialists and so on. Have you managed to increase the number of such specialists and how did you build this system?

We are in pretty good shape compared to other European Union countries. The reason is simple: Romania has many universities that graduate computer science specialists every year, especially in cybersecurity. We have about 180,000 IT professionals, but most of them work as freelancers. They contract with clients from all over the world — from Europe, the US, Canada, the Middle East, etc.

The EU currently lacks around 500,000 experienced cybersecurity experts. This is a serious problem that needs to be addressed. We all — governments, academia and businesses — need to invest in knowledge sharing, training programmes and retraining of professionals, especially engineers and technicians, to bring them into the cyberspace.

In Romania, we do it well. We cooperate with universities, support the creation of postgraduate programs, master classes, laboratories and trainings in cybersecurity. In addition, we show the advantages of this profession, because it is one of the most profitable and promising. A young specialist who comes to cybersecurity gets a chance for an interesting, well-paid career, which is important not only for him, but also for the country, the economy, and organizations.

At the same time, we must make more efforts to make this field attractive and visible. Many cyber specialists are techies, they are not used to talking about themselves. Therefore, the media, journalists, social networks can play a key role in telling success stories and popularizing the cyber profession. This is important, because the demand for cybersecurity experts will only grow, and those who choose this field will have work for many years to come.

«What Ukraine has gone through is a unique case in modern history»

― What positive aspects would you highlight for Ukraine during a full-scale invasion in terms of offensive cyber operations and cyber deterrence?

I was struck, first of all, by the determination of the Ukrainian authorities — the will to remain steadfast, the ability to assemble powerful teams of experts. These are people from different fields, with different experiences, from different organizations, who have united to jointly respond to serious cyber incidents and attacks by the aggressor.

Also impressive is the technical ability of Ukrainian experts to withstand very complex and powerful cyberattacks — and all this in wartime, with no time to prepare. You had to react on the fly, determine strategy, and work with limited resources.

This is an exceptional experience, and I am sure that many countries can learn a lot from Ukraine. You have shown that you can act effectively even in critical conditions.

― As one of the speakers noted, Ukraine now has the largest cyber army in the world.

This is true. The main thing now is to share this experience with the democratic world. Other countries should listen, learn from Ukraine, and work together to be better prepared for the future. Because what you have gone through is a unique case in modern history.

No one could have imagined that in the 21st century, a single European country would be invaded, that the war would last this long. But you are giving it a worthy rebuff, and I find it absolutely amazing.

Read the country's main IT news in our Telegram

72% of cyber incidents have a medium level of criticality. Cyber expert from the Ministry of Defense on attacks on the ministry by Russian hackers: a way to counteract and prevent

People's Deputy Fedienko proposes outsourcing the issue of cyber defense from the state: "In five years, the parliament has not understood what cybersecurity is"

NSDC accuses Signal of inaction in the face of Russian cyber threats

20% of cyberattacks fall on Ukraine: Russia has intensified hybrid warfare