Battening Down the Hatches: Moldova’s Cyber Defence

As Ukraine continues to mount an effective defence against Russian cyber operations, Euro-Atlantic policymakers are increasingly concerned about anticipating and denying future national cyber incidents elsewhere. Bordering Ukraine, Moldova finds itself in a precarious position. Historically seen by Moscow as part of its ‘near abroad’, the country’s stance on Ukraine and its pro-European government has precipitated cyber attacks and information operations – attributed to Russian-linked groups – against the country. With cyber operations targeting NATO countries increasing 300% since the start of the war, it is reasonable to expect further hostile cyber activities against Moldova.

Efforts by Moldova’s government and international actors have begun to build the country’s cyber capacity. Nonetheless, several factors mean Moldova remains vulnerable to cyber operations. Below we will discuss these factors, outline existing efforts to mitigate cyber risk, and raise further opportunities to build cyber resilience.

Attributes of Vulnerability

Moldova is a middle-income country pursuing rapid digitalisation. It has low government revenue compared with its European peers and several pressing priorities for state expenditure. Socio-economic challenges including a contracting population, an over-reliance on remittances and inflation detract from the government’s ability to spend on cyber security. As demonstrated by the large-scale cyber incidents suffered by Albania and Costa Rica, small states which are unable or choose not to spend on cyber security are highly vulnerable to significant impact.

Persistent insider threats may also pose a risk to Moldovan security. This is seen in accusations that individuals with pro-Russian sentiments have supported the destabilisation of the country. While accusations have primarily been levelled within the political sphere, infiltration also impacts national cyber security. An insider could, for instance, grant hostile actors access to critical systems.

Recent Russian cyber-enabled information operations against Moldova, increasing since the start of 2022, have been associated with attempts to undermine the country’s internal stability. From mid-2022 to early 2023, a series of high-profile attacks have targeted government credibility. ‘Hack-and-leak’ operations have compromised, exfiltrated and published confidential documents, while DDoS attacks and exposures from spear phishing campaigns have disrupted state services. Cyber operations are one part of wider hostile activities by Russia across ‘energy, cyber, economic and social security’. These were credited with causing the resignation of former Prime Minister Natalia Gavrilita and are operationally consistent with other Russian-linked campaigns of low-intensity harassment. More broadly, this can be linked with the uptick in cyber attacks on NATO countries since February 2022. In this regard, it is important to recognise the pertinence of cyber operations as one part of wider activities designed to achieve strategic objectives.

Despite challenges, Moldova is committed to and proactive in developing its cyber security capacity. For example, the country has steadily adopted regulatory best practices, such as legislating for critical infrastructure providers to adopt prescribed cyber security measures. Moldova has furthermore broadly sought to digitalise in a cyber-secure manner. E-government services have expanded significantly and are notable for adopting cloud-based solutions such as MCloud, MPay and MSign. Moldova has also adapted to innovative cyber security solutions and best practices. In April 2023, for example, the government changed MCloud operating regulations to allow for cloud hybridisation. This permitted the use of foreign public cloud services, provided by data centres in EU member states, and responded to emerging best practices established by Ukraine’s cyber defence using distributed cloud servers. These amendments illustrate that Moldova has a strategic awareness of the emerging importance of interoperable cloud technologies in the context of national cyber security and systems integrity.

Nonetheless, Moldova’s cyber security ecosystem remains ‘fragmented’. The country suffers from the global gap in qualified cyber professionals and therefore struggles to implement cyber security improvements. For example, in November 2022, the Government Cyber Emergency Response Team (CERT-GOV-MD) had a staff of four. Moldova’s wider institutional gaps are reflected in its Global Cybersecurity Index ranking, which fell from 53rd to 63rd between 2018 and 2020. This indicates that, relative to its peers, Moldova still needs to drive improvements including establishing a cyber threats analysis unit, bringing forward the implementation of its new cyber security law, and participating in more international exercises.

Existing Efforts

There have been long-term cyber capacity building (CCB) activities in Moldova by international partners. For example, the Estonian eGovernance Academy has supported legislative, strategic and organisational reforms over the past decade. From early 2022, Czechia and Romania have also commenced bi-lateral cyber-assistance programmes with Moldova, aiming to enhance cyber resilience through information-sharing, strengthening government capacities to engage on cyber security policy, and encouraging cross-border public-private partnerships.

Since the onset of war in Ukraine, there has been a significant increase in CCB. In May 2022, the EU launched the Moldova Cybersecurity Rapid Assistance programme to improve cyber resilience across the public sector and key critical infrastructure sectors. The project aims to develop diverse capacity outcomes including adjusting the 'normative-legislative framework of cybersecurity’, increasing societal awareness and hygiene, and developing targeted technical skills. It does not, however, provide or commit to operational support for Moldova’s cyber defence.

In April 2023, participating EU member states announced the deployment of a Cyber Rapid Response Team (CRRT) to Moldova to aid the government in securing its national cyberspace. The CRRT forms part of the EU’s Permanent Structured Cooperation Framework. The specific activities CRRT will conduct are not clear; however, it can be expected to assist in training, vulnerability assessments and potentially technical support to detect, recognise and mitigate cyber threats.

Further CCB projects have been launched by European agencies. In October 2022, for example, EU4Digital began supporting the adoption of legislation across EU partner countries in accordance with the Budapest Convention on Cybercrime. Furthermore, in December 2022, the European Bank for Reconstruction and Development partnered with private-sector cyber security providers to enhance cyber resilience for SMEs in Moldova, given that these types of organisations have been severely impacted by cyber attacks.

Filling the Gaps

Significant international support for Moldova’s cyber resilience demonstrates an acknowledgement, particularly among EU institutions and member states, that effective cyber defence is best built before a large-scale incident. While existing preparations cover many areas, targeted activities can still move the needle. Further international support should prioritise three actions with a sense of urgency.

First, CERT-GOV-MD and an external technical body that will take responsibility for coordinating future international assistance should prepare and maintain a list of Moldova’s immediate operational needs should a national cyber incident occur. This would cover activities to rapidly improve cyber defences, such as deploying private-sector incident responders.

Second, ‘hunt forward’-style operations – pioneered by US Cyber Command – should be undertaken on Moldova’s networks. These will commission leading cyber security companies to identify existing vulnerabilities and any attackers that have compromised Moldovan networks. This should also then feed back into longer-term CCB activities, such as the EU’s Cybersecurity Rapid Assistance programme, to inform the improvement of Moldova’s underlying capacity.

Finally, Moldova should be fast-tracked for involvement in NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) exercises. Eight non-member states, including Ukraine and Japan, are already contributing members to the CCDCOE’s activities. Their involvement deepens the pool of knowledge about cyber threat actors and creates greater opportunities for cyber defence cooperation. Moldova’s entrance would provide another important vector to improve its preparedness.

These specific activities should be accompanied by continual peer-to-peer engagement with Moldova’s cyber defenders. As Ukraine has demonstrated, extraordinary national efforts are at the heart of strong national cyber security. Moldova’s partners should not assume that external emergency responses would be sufficient to secure the country were it to suffer a large-scale cyber incident. National cyber defence is hamstrung without existing competent cyber defenders embedded within well-structured legislative and organisational systems.

The views expressed in this Commentary are the authors’, and do not represent those of RUSI or any other institution.

Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.