Safetech Innovations was founded in 2011 and provides services in the field of cybersecurity. These include risk evaluation, ethical hacking, implementing and monitoring security measures in different types of organizations.
Could you give us a brief introduction to Safetech Innovations and outline how the company has developed over the years?
I started Safetech Innovations in 2011 together with two colleagues, based on the experienced we had gathered while handling cybersecurity for one of the leading banks in Romania. We started by offering consulting services related to information security and our first contracts were focused mainly on testing security systems, also known as ethical hacking.
We grew significantly since then and have reached a point where we are able to cover all the phases that a company needs to consider when setting up their cybersecurity process. Starting from risk evaluation (through audit mechanisms that allow us to identify the existing security risks), performing testing to understand how the system would react in case of a real attack and proposing and implementing the necessary measures to reduce vulnerabilities. Since 2015 we also have in place a private center for security monitoring (STICERT) that allows us to screen our customers’ systems 24/7 and intervene immediately if needed.
How relevant is the energy industry to your portfolio and what are the most common cybersecurity risks associated with this sector?
Energy is the second largest industry in our portfolio, after banking and financial services. What is particular about energy companies is the fact that they use two types of infrastructure: a classic IT infrastructure which holds customer, financial and personal data - in this case cybersecurity is handled in a similar manner to other industries, the main priority being confidentiality of data.
Apart from this, energy companies have a process infrastructure which ensures their production, transport, distribution and so on. The priority in their case is availability, in other words our main goal is to maintain these processes in a functioning state so that the population receives the energy it needs. We have become specialized in critical infrastructure since 2015, and we are in fact the only company in Romania certified in this area.
Have any Romanian companies been subject to such attacks in the past?
I am not aware of any such attacks in Romania fortunately, but in December 2015 a key distributor in Ukraine came under cybernetic attack and electricity was stopped for over six hours, in several provinces across the country (about 180,000 consumers were affected). Subsequent investigations showed the attackers had penetrated the infrastructure at least six months in advance - such infiltration could have been easily discovered if the company had a monitoring system in place.
What can you tell us about the regulation that Romania has in place surrounding this very sensitive topic?
The banking system has been regulated from a cybersecurity perspective since early 2000, but that is not the case for energy. It was only in December last year that Law 362/2018 has been passed, in order to introduce the NIS (Network and Information Security) Directive in the national legislation. This Directive imposes a common level of security for essential structures, that can cause prejudices to human and social life in case they are attacked.
The most important sector that falls under this directive is energy, and the two essential things that the law imposes are the following: firstly the obligation that every company has in place an appropriate cybersecurity system, and secondly that this system is monitored 24/7. The law has not been fully implemented yet, we are still waiting for the application norms which are expected to be released in autumn 2019.
