Eduard Bisceanu is a recognized expert in cyber-security whose skills also cover information security management and electronic communications, the investigation of complex digital crimes, and the analysis and evaluation of, and response to, cyber-threats.
After graduating from the Military Academy, he began his career in transmissions within the Romanian Army. In 2001 he joined the Romanian Intelligence Services (SRI), becoming one of the first officers tackling cyber threat issues to speak to the media about cyber-threats and the problems associated with them.
Between 2013 and 2014, he served as the executive head of CERT-RO with the title of Deputy General Manager, assuming responsibility for the institution's entire operational area. From mid-2014 he was again among the senior executives of the SRI, before joining Unicredit Bank in mid-2016.
The need for private and sectorial CERTs. The Banking and Telcos examples
(Paper delivered with Bogdan-Mihai Zamfir)
The constant evolution of the cyber threat landscape is pushing businesses, as well as governments, to adopt new tactics and strategies for defense. Too often, when a critical attack occurs, the cyber security community accuses the state of not taking the right actions or not employing the right defense. Instead of looking to the state and waiting to be protected by a non-contractual third party, businesses should be more open to building or developing more on the basis of cooperation needs. Establishing a CERT/CSIRT capability involves a huge amount of time, effort and resources, whether we are talking about the public sector or the private one. As a model, we can see a variety of cyber security strategies applied worldwide across countries, from west to east, but usually we see government bodies and singular private sector parties. While states are struggling to improve cooperation between different legal entities, the private sector is protecting itself by building business defense capabilities with limited connectivity outside their constituency. If we take a closer look at the FIRST website, we see a lot of big banking CSIRTs/CERTs, a lot of telco CSIRTs/CERTs and also many technology producers' CSIRTs/CERTs.
Since the European Commission is trying to establish a similar legal framework regarding Network and Information Security across the member states, it is easy to understand that this would be a huge effort for governments, and that the states and the legal framework will not be able to fight cyber crime or advanced cyber threats alone.
Where, then, is the real business defense? That is why the subject proposed for discussion in this panel concerns the real-life reasons that create the need for sectorial/private CSIRTs/CERTs, and the main pillars and principles for laying the foundations of such a capability. The topic will be approached as an open discussion with one of the first Romanian experts in building a CERT capability and making it operational.