By the time this issue of Cybersecurity Trends is published, Romania will have come to the end of its semester holding the European Union presidency. During this time, a central role has been successfully played by the Special Telecommunications Service (STS), the State’s central specialized body in charge of organizing, conducting, carrying out, controlling and coordinating all activities in the field of special telecommunications for public authorities in Romania. We had the chance to interview the Institution’s General Director, Lt. Gen. Ionel-Sorinel Vasilca.
Lt. General Vasilca, your institution has a military structure and is part of the national defence system. What are the main tasks you had to achieve for Romania’s EU presidency, in addition to those performed by the STS in a “normal” year?
Lt. Gen. Vasilca: First, way before the 1st of January 2019, the whole direction of the STS was involved in the Inter-Ministerial Committee for Security “ROMANIA-EU 2019”, constituted by the boards of all the State players active in the domain of defense, namely the Ministry of Defense, the Ministry of Internal Affairs, the Domestic and the External Intelligence Services (SRI and SIE) as well as the Protection and Guard Service (SPP). Within this permanent working group, the STS has been designated to be in charge of two main tasks. The first and main one, acting under the direction of the Ministry of Foreign Affairs, has been to develop, implement and maintain 24/7 in perfect function all communication systems and services specifically designed for the EU presidency. The second has been to ensure the transport and good function of the official broadcast made by the National Public TV (TVR) of all events of the EU presidency.
“The massive use of the Code Injection technique broadly overwhelmed the ‘elder’ ones such as Brute Force or File Inclusion”
So, well before the eve of 2019, we had completed business analysis and security tests of the official portal www.Romania2019.eu, for which the user end was designed to provide to the visitor all the necessary information on each event, while its back end has been designed to serve the Ministry of Foreign Affairs, for providing all the flux of official information and data as well as, in collaboration with the Protection and Guard Service, to manage all the accreditations to the events.
So what happened starting with January 1st?
Lt. Gen. Vasilca: We had to cover and ensure a perfect communication for more than 300 events, one-third of them only taking place in the capital, Bucharest. For this, we made a classification of 5 groups of importance, the first and highest being the meeting of all EU heads of state, held in Sibiu on May, the 9th. On a second rank, we had 23 ministry-level EU meetings and, on ranks 3 to 5 of strategic importance, the remaining 275+ events (interministerial / technical meetings). Besides, the STS had the role to provide and ensure 24/7 all Internet and communications facilities at three main points: the Parliament Palace, the National Library and the National Bank of Romania, a task we have been able to achieve with powerful clusters of servers situated in Bucharest and near Brasov, to increase nationwide the efficiency of the available services.
On this last aspect, I suppose you had to be very flexible in all what regards the amount of data while keeping all communications totally safe?
Lt. Gen. Vasilca: Exactly. Imagine that the official portal “Romania2019.eu” had an average of 2.23 million of visits per month, culminating with almost triple, more than 6 million visits during the month of May, when all Heads of State gathered at Sibiu.
In what regards our traffic capacity, we had constant feedback from our colleagues from Bulgaria and from Austria, who greatly helped us in order to estimate the quantities and numbers of downloads and uploads.
This proved to be particularly important during the main events, where all the EU delegates, as well as media from the entire world, were downloading materials or uploading video content to be sent to their homeland. With 3 Tier 1 connections, we succeeded to offer an average aggregated data speed capacity up to 30 Go/second. We could also see from which countries we had the most important numbers in terms of visits and data quantity, Romania and Belgium (i.e. the EU’s HQ) counting for almost 60%.
What about the “cyber” aspect? How did you manage to secure all those services?
Lt. Gen. Vasilca: As far as cybersecurity is concerned, we acted from our CORIS Centre (Centrul national pentru raspuns la incidente de Securitate/Operational Response Centre for Security Incidents), founded in 2008, in collaboration with the CertMil (Army), the Cert-RO (Ministry of Telecommunications) and the Cyberint Center (Domestic Intelligence Service – SRI). I must underline here that thanks to the hard work performed during the years, not only the CORIS has gained a very high trust rate – it is accredited by Trusted Introducer since 2011 – but it enjoys a very stable CERT team, many colleagues working there since the opening of the center. This allowed us to monitor 24/7 all the systems directly or indirectly connected to the EU Presidency, and to provide a 24/7 helpdesk dedicated to all State institutions needing services or expertise.
A few days after the end of Romania’s presidency, what facts can you unveil to us?
Lt. Gen. Vasilca: Well, first a statistic: on a thousand “clicks” on the official website, 4 were “abnormal” or “errors”, meaning an extremely small ratio. Now, if we look more in detail, we observed a significant growth of a new type of cyber-incident. As a matter of fact, this semester was marked by the massive use of Code injection, coming far above two “conventional” criminal techniques well known and used in the last years, i.e. Brute Force and File Inclusion.
During the «Big Day», i.e. the meeting of all Heads of State at Sibiu, we reached a peak of 75% malware + 18% of spam attempts.
How were you able to cope successfully with such a quantity of illegal attempts?
Lt. Gen. Vasilca: First, we built a state of the art one-of-its-own sandbox, in full collaboration with Bitdefender. Thanks to this new and unique kind of sandbox, which filtered the malwares, quantified and classified them while neutralizing them, we were able to focus all our attention on monitoring the modification of the site and of its subdomains as well as the web apps security. Of course, in addition, to secure 24/7 the service availability. All this was made possible by a whole series of tools built «in house» by our team year after year, as a countermeasure to «defacement» attempts. All these tools allowed us to see «live» within a precise ranking, both the levels of compromising and potential compromising of the site and apps, hence to take the necessary measures. On the other hand, it allowed us to block immediately any illicit attempt of change of content and, of course, to counter the attacks aiming to provoke the unavailability of the services we provided.
What are your main conclusions of this resilience success while being under real constant attack at a level the country never knew so far?
Lt. Gen. Vasilca: From the STS point of view, three key points are the recipe of a good defence. The first and the base of the other two points is to have a qualified and compact team, with exceptional technological and human skills. This allows to reach a second point: never to depend only on already made solutions, but to develop in continuation one’s own unique tools fitting the security of the particularities of what one has to defend. And then, of course, topping the two previous points, no security incident response should be dealt alone. The perfectly oiled collaboration with all the other security entities is the only possibility to enhance all your capacities and capabilities.
A last question. Many citizens are both afraid and fascinated, at the same time, by the arrival of 5G as well as by the constant improvements and implementations of AI and of the IoT. What can you tell them?
Lt. Gen. Vasilca: We learned a lot from this experience, familiarizing us with AI, Deep Learning, Machine Learning, being able to build our own products and to understand how these techniques work and will possibly evolve. The main change we already face, without 5G, is the change of symmetry and ratio between the data uploaded and those downloaded. Contrary to a stable massive evolution of downloads and a long, slow evolution of uploads, in the last year we have seen an exponential evolution of uploads from month to month, the quantity of data uploaded exceeding now the quantity of data downloaded. This is the result of the increased massive use of IoT devices and, in general, of all new generation tools, whose root systems need a constant data feed from every single captor.
The point is not so much the change of transmission mode (4G to 5G) but the way each user will behave and will be aware of how to use all the infinity of tools at one’s disposition in a secure and safe way. As an anecdote, during all the events we had to manage, gathering from 1000 to 5000 participants each, NO ONE desired to be connected by cable – a solution we proposed –, and everybody used systematically the wireless system provided. That shows how 5G will be broadly used since its beginning. It is unavoidable and we should all be prepared for that.
For the other part of your question, the dialogue between machines only is already existing almost everywhere. The real difference lies in the measure of human intervention each user or entity will desire or require, from being able to intervene all time to being asked only when a final decision has to be taken. Again, everyone can benefit of the advantages of a responsible and knowledge-based use of all the new technology available or soon available, but security, more than ever, can be done only by perfectly understanding the ever-evolving digital environment we live in. Then, choosing the right tools and solutions to use according to the specificities of one’s daily life (professional and private), it is easy to learn how to secure them. Each human, state, company can hence decide how resilient to be. There are no more inevitable issues tomorrow than today.
As a last word, without a basic knowledge keeping pace with technology and security novelties, and without a broad and open dialogue and collaboration between users and experts as well as between state bodies and private companies, of course any new technology implementation can bring new dangers and, here is the major change, much, much faster and worldwide.
Editor’s note: the challenge faced by STS has been even larger, as besides Romania’s EU presidency, the Special Service also had to ensure the Euro-parliamentary elections (doubled by 2 referendums) on May 26th and Pope Francis’s visit to Romania (31st of May to 2nd of June) all ran smoothly.
(1) https://www.sts.ro/en/press-releases/inter-ministerialcommittee-for-security-pope-francis-visit-2019
https://www.sts.ro/en
Author: Laurent Chranovski