Communications Minister Bostan: I hope cybersecurity law gets final approval from Justice Ministry
A cybersecurity law is being considered for approval by the Justice Ministry, a last stage before it is approved by the Supreme Council for National Defence (CSAT) and then the Government, so it can be sent to Parliament for final approval, Communications and Information Society Minister Marius Bostan said on Wednesday.
"We are nearing the end of the approval procedure for the cybersecurity law. Today [Wednesday] I hope we get the final approval needed, from the Justice Ministry, so it can then be approved by the CSAT and by the Government. Afterwards, this very-much needed law will clear Parliament," Bostan told a conference where an activity report of the CERT-RO National Computer Security Incident Response Team was presented.
According to the minister, the law is absolutely necessary, taking into account that the Internet has no frontiers, and cyberattacks have become increasingly more sophisticated. In this context, the agreements and international cooperation are very important, and such cooperation requires very much knowledge.
"We anticipate, based on the existing information, highly complex attacks in the coming period," said Bostan.
In his opinion, the new law will set in place a responsibility framework for all users, so that attacks can be prevented, or have their effects minimised, particularly for state bodies.
"To quote just Article 28: secrecy of correspondence is inviolable! Who must defend that? It is clear that it must be done," Bostan said.
At the end of January, the Communications and Information Society Ministry (MCSI) posted on its website for public debate a new bill on Romania's cybersecurity. The document was drawn up taking into account the criticism levelled by the Constitutional Court of Romania (CCR) under Ruling No 17/2015 on the constitutionality objection over provisions in the law on Romania's cybersecurity.
According to the ministry, the bill would introduce cybersecurity protection measures only for the legal entities mentioned in Article 2 of the bill: "public authorities and bodies, legal entities owning cyber infrastructures supporting public or public-interest services, or services of the information society, which damage can affect national security or bring serious damage to the Romanian state or its citizens; legal entities owning cyber infrastructures for personal data processing; providers of public electronic communications networks and providers of public electronic communications services."
The Constitutional Court of Romania (CCR) announced on January 27, 2015, that the cybersecurity law violates the constitutional provisions on the rule of law and the legality principle, as well as those on personal, family and private life, namely the secrecy of correspondence. The reason mentioned by the CCR is that the national cybersecurity authority should be a civilian organisation in order to guarantee these rights, instead of the National Cybersecurity Centre (CNSC), which already operates within the Romanian Intelligence Service (SRI), using military staff.