Presidency of the Republic of Moldova
President Nicolae Timofti today chaired a meeting of the Supreme Security Council.
The participants in the meeting discussed two topics:
1. Moldova’s information security and the capacities of the competent institutions to ensure information security.
2. The impact of the developments in the region on Moldova.
The decision of the Supreme Security Council No 01 / 1-02-05 comes below:
"The Supreme Security Council recognises and reconfirms that ensuring information security is a basic element in ensuring national security and contributes to building an information society in Moldova, based on the citizens' trust in information technologies and electronic communications.
Hearing reports unveiled by Information and Communications Technology Minister Pavel Filip, Intelligence and Security Service Director Mihai Balan, Prosecutor General Corneliu Gurin, Interior Minister Dorin Recean and Centre for Special Telecommunications General Director Sergei Popovici on the information security of Moldova and capacities of the competent authorities, the Supreme Security Council to ensure the security of information.
ASCERTAINS:
The quick development of information and communication technologies has led to the creation of a dynamic cyber space without borders. International experience shows a positive impact of the information and communication infrastructure on the development of modern society, which is to develop the opportunities of access to information and public information resources in all areas of human activity, as well as to enhance the residents’ level of employment, by creating new jobs. Therefore, building an information society is of utmost importance for the development of the country and must be carried out in such a way, that all citizens could benefit from its results.
In this respect, the Moldovan government approved, by decision No 857 from 31.10.2013, the National Strategy for Information Society Development - Digital Moldova 2020 and the Action Plan on its implementation, developed by the Information and Communication Technology Ministry. Creating conditions for increasing the security and trust level in the digital space and the key actions for creating these conditions are addressed in the Strategy for the first time ever and form a special chapter of the abovementioned Action Plan.
Using new technology generates more development opportunities, as well as many risks and vulnerabilities that require special attention and should be a major concern of the state and the sides involved in the process.
These risks are characterised by asymmetry, strong dynamics and global nature, making them difficult to identify and counteract by measures proportionate to the impact of their materialisation.
Preventing and combating cyber attacks, including the crime in this field, is one of the priorities of international organisations, and their rapid worldwide growth by about 600 per cent against 2005 shows the urgency of the need to take measures to protect the information infrastructure of Moldova against possible risks linked to the illegal activity in the field.
Thus, in the banking system alone, starting from 2010 to 2012, a growth of information threats of 1,773 per cent was registered, and the damage caused by them increased about 13-fold, amounting to 13,172,248 lei.
One of the premises of this criminal dynamic is the fact that cybercrime is constantly using the latest technologies, which often reduces possibility to counter cyber attacks to a minimum.
The importance of the problem was outlined in the National Security Concept and the National Security Strategy of Moldova, which, by setting the goals of the national security system, covered both the threats in the field of information technology, and ensuring information security. Thus, the today's meeting is part of a string of measures to implement the Concept and Strategy - political and legal provisions that allow adaptation to domestic and foreign developments in national security policy, identifying specific segments of the national security system that needs reforming , developing a realistic plan of reforms.
The need for a complex and effective approach of the process of ensuring national cyberspace security has significantly increased over the past years. This includes national critical infrastructure, to ensure and protect information classified as state secret, prevent and combat computer crimes, extremism and terrorism in cyberspace.
Moldova has recently made a series of actions to strengthen the information security capabilities.
Following the ratification of the Optional Protocol to the Convention on the Rights of the Child on the Sale of Children, Child Prostitution and Child Pornography, on 22 February 2007, Council of Europe Convention on Cybercrime, on 2 February 2009 and the Council of Europe Convention on the Protection of Children against Sexual Exploitation and Abuse on 19 December 2011, Moldova became an active player in the implementation of a common criminal policy, in the fight against cyber crime, including offences of online sexual exploitation of children.
A nationally important step was the development and approval of the Law No 20 from 3 February 2009 on the prevention and combating of cybercrime, which clearly establishes the duties of public authorities and institutions in charge of preventing and combating cybercrime, as well as developing proposals to ensure information security.
It is also worth to be mentioned the Law No 91 from 27.06.2014 on electronic signature and electronic document, created to increase the security level of electronic signatures, as well as adjustment to international standards and recommendations in the field of infrastructure of public keys.
To adjust the legislation in force to the provisions of Directive 2006/24/EC of the European Parliament and of the Council from 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, Council Directive 2008/114/EC from 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection, Directive 2011/92/EU of the European Parliament and of the Council from 13 December 2011 on combating the sexual abuse and sexual exploitation of children, the draft amending and supplementing more legislative and regulatory issues was developed.
These amendments will exclude more legislative barriers in the process of ensuring information security by competent bodies.
At the same time, the state agencies’ response to the risks and threats coming from cyberspace activities entails the need for an effective cooperation, based on fast data exchange between all sides in ensuring information security.
To this effect, the joint Action Plan on preventing and combating cybercrime, published in Official Paper No. 228-232 / 1532 from 10.18.2013, was developed and approved by the joint order of the Prosecutor General's Office, General Police Inspectorate of the Interior Ministry, Security and Intelligence Service, National Institute of Justice, National Bank, Communications and Information Technology Ministry, Defence Ministry, Customs Service of the Finance Ministry, State Agency on Intellectual Property, State Agency on Morality Protection, National Centre for Personal Data Protection and Centre of Special Telecommunications State Enterprise.
Despite the undertaken actions, the continuous analysis of vulnerabilities in the operation of electronic networks, used in central public institutions, proved a number of impediments to ensuring information security.
A systemic approach and a state policy in the field of information security, which would unify the necessary legal, organisational, technical, technological and physical protection of the Moldovan cyberspace as well as clear the regulation of the roles and competences of relevant authorities, are also missing.
To improve the activity of ensuring the state’s information security, preventing and combating cybercrime, an urgent need persists to developing and implement the information security concept of Moldova, the information security strategy of Moldova, including an action plan for the establishment and implementation of the National System of information protection, the Law on the security of critical infrastructure, that will contain elements of physical assurance, cybernetics and technical information systems, and electronic communications for managing critical infrastructure objects and other strictly necessary acts (special requirements, regulations, instructions, recommendations).
To achieve the abovementioned objectives, the Supreme Security Council.
RULES:
I. To recommend that the parliament of Moldova considers, as priority, the draft legislative acts dealing with the sectors of information security, prevention and combating information and telecommunications offences, and the goal of which is to ensure a management of the national information security, adjusted to the international standards.
II. To recommend that the Moldovan government:
1. Ensures the enforcement of the action plan on the implementation of the National Strategy for Information Society Development, Digital Moldova 2020, approved under the Government Decision No 857 from 31 October 2013;.
2. Ensures the creation of the national centre for reaction to security incidents (CERT), which additionally to the basic duties, will define a joint instrument in carrying out the campaigns of informing the state, companies and citizens about the information crimes, threats and ways of preventing them;.
3. Ensures the working out and promotion of draft legislative acts concerning the fields of information security, preventing and combating information and telecommunication offences (including a draft law on the amendment and completion of legislative acts, adopted by the cabinet under the Decision No 784 from 25 September 2014), and which aim at ensuring a management of the national information security, adjusted to the international standards;.
4. Ensures the elaboration, approval and implementation of a string of proactive and reactive measures to reduce possible information vulnerabilities, risks and dangers, diminish the impact of information threats, attacks and incidents coming from the cybernetic space;.
5. Ensures the further development of the special governmental system of telecommunications of the public administration authorities (protected governmental data transfer network) on all the territory of Moldova;.
6. Ensures the working out and approval of a national programme for continuous education of civil servants, private sector employees and the residents on possible cybernetic vulnerabilities, risks and dangers coming from an inadequate use of applications, information technologies and electronic communications, as well as about the evil impact of the cybernetic attacks, threats and incidents;.
7. Ensures the working out and approval of a draft law on ratification of an additional protocol to the Council of Europe Convention on Cybercrime.
III. To recommend that the Intelligence and Security Service, jointly with the other competent authorities:
1. Ensures the elaboration of a concept of Moldova’s information security and the strategy of Moldova’s information security, as well as to boost actions aimed at reducing the impact of potential risks to the information security;.
2. Ensures the working out of a plan on creation and implementation of a state complex system of information protection, which would unify the legal, organisational, technical, technological and physical measures of protection of Moldova’s cybernetic space.
IV. To recommend that the Prosecutor General’s Office, jointly with the government and the Intelligence and Security Service, ensure the carrying out of the action plan in the field of prevention and combating the cyber crime, published in the Official Paper No 228-232/1532 from 18 October 2013.
V. The authorities in charge will inform the Supreme Security Council about the fulfilment of the provisions of this decision each semester.
Nicolae TIMOFTI,
President of Moldova, head of the Supreme Security Council.”.
