Strengthening Moldova’s Cyber Landscape

Critical Questions by Daniel F. Runde, Leah Kieff, andThomas Bryja

Published October 8, 2024

Since Russia's 2022 full-scale invasion of Ukraine, cyberattacks on Moldova's institutions have more than tripled, including frequent attacks on the government and corporate websites. These incidents are often tied and timed with events of public significance, such as last year's attack before the European Political Community summit. These attacks can inflict significant economic damage, such as ransomware and data loss. These attacks can also undermine faith in public institutions. The upcoming presidential election on October 20 and the EU referendum tied to the election may trigger a barrage of malign cyber activity.

Moldova is an exceptionally connected country, with 98 percent of the territory of having 4G coverage and approximately 75 percent of the population having an internet subscription. The Moldovan government has been leading an impressive cross-sector digital transformation effort-supported by many foreign partners and allies to update its digital infrastructure. But the exponential increase in attacks combined with Moldova's rapidly growing digital footprint highlight the need to strengthen cybersecurity. Increasing cyber resilience across public and private sectors is important for Moldova's democratic and economic future.

Q1: What are the cyber threats in the upcoming 2024 presidential and 2025 parliamentary elections in Moldova?

A1: Moldova is one of the many countries across the globe to join the year of elections in 2024. On October 20, 2024, its citizens will be voting not only for their next president but also on changing the Moldovan constitution to enshrine EU membership as a goal for Moldova. Moreover, in 2025 Moldova will host parliamentary elections.

Elections and political parties across the world are considered high-risk cyber targets. During the 2023 local Moldovan elections, the Central Elections Commission repelled a significant cyberattack. While this attack did not affect vote totals, taking the elections website offline for a period has the potential to undermine voters' faith in the election's integrity.

Elected officials, political party members, journalists, academics, and others who are actively, openly, and successfully combating malign influence are at a higher likelihood of being targeted for cyberattacks. Of course, if the politician in question is also an elected or appointed official, then their public sector work accounts may be accessed more easily following the initial hack of their personal device. This may be due to shared or similar passwords, or if devices are used across functions-from campaigns to official government to personal interactions. In Moldova, this risk was significantly heightened by the 2022 leak of many high-ranking government officials' phone numbers.

At a minimum, this puts every official whose data was included in this leak at a much higher risk of a variety of phishing attacks. It also puts these officials at risk of hack and leak operations, such as the leaked messages of the Moldovan ministers that occurred in 2023. The ministers in question said that the released messages, which purported to show collusion around election rigging, had been manipulated. Efforts like these in the cyber domain can further undermine voters' faith in election integrity and the ability of the elected government to lead the country forward. In combating these threats, Moldova should continue to take lessons learned from Ukraine, including but not limited to pre-bunking disinformation.

Q2: What are Moldova's cybercrime challenges?

A2: Digital espionage and cybercrime have been assessed as some of the largest threats facing both the public and private sectors in Moldova. In particular, online fraud and ransomware have been an increasing problem. To help the Moldovan government improve its cyber capabilities, international partners such as the United Nations Development Programme and the U.S. Department of State have provided equipment with specialized hardware and software to support cybercrime investigations in several districts of the country. Law enforcement in these areas is also receiving training to support its ability to find and investigate illegal online activities.

Another challenge facing Moldova is the mining of cryptocurrency that has been ongoing in Transnistria. The mining of cryptocurrency is common in other post-Soviet breakaway regions. It is alleged that the currencies produced throughout these regions are leveraged to fund Russian criminal activity. Cryptocurrency has long been used by Russian groups to fund and sponsor malign cyber activity. This currency is popular for use in funding criminal activities broadly as it does not transact through commercial banks and is resistant to hacking. As Moldova looks to further reintegrate Transnistria, it will be essential to ensure that any criminal activity, whether cyber-focused or otherwise, is combated. Bringing the expertise of the United States and other partners and allies to support Moldova in combating these types of crimes will continue to be important.

Q3: What human capital is needed to strengthen Moldova's cyber capabilities?

A3: Moldova is rapidly digitizing, including its government services, which increases the risks and potential impacts of cyberattacks. This means that employing cyber talent is vital across Moldovan government agencies. However, attracting and retaining talent within the Moldovan government is challenging since government agencies are competing with the private sector for the best and brightest.

Although many governments struggle with cyber talent shortages and competition with the private sector for this talent pool, the needs are starker in Moldova. Currently, 40 percent of the available Moldovan workforce migrates for work, and more than 20 percent of Moldovan firms report that the lack of an adequately educated workforce is the main obstacle to doing business. The resulting "brain drain" is exacerbated by the weight of an aging Moldovan population.

But tech and cyber job opportunities across public and private sectors may pose a promising potential part of the solution to retaining talent in Moldova. Currently, information and communication technology makes up more than 10 percent of the Moldovan GDP, and thousands of students are studying computing each year. The Moldovan government has taken steps to develop university programs on cyber including but not limited to CyberCor, a cybersecurity educational institute supported by the U.S. Agency for International Development (USAID). This program, which is housed at the Technical University of Moldova, enhances the cyber training available to all levels of students, from freshman to graduate level. There are also opportunities for Moldova to invest in upskilling and training professionals across sectors to improve their cyber and tech skills. For example, the European Bank for Reconstruction and Development has sponsored a program that provides small and medium-sized enterprises in Moldova access to consultants, training, mentoring, and assistance to improve resilience. Ensuring that there is skilled cyber talent available to fill the needed roles across the government and private sector is of key import to Moldova's success in cybersecurity.

Q4: How is the EU accession process likely to affect cybersecurity in Moldova?

A4: The 2023 Moldovan national cybersecurity law was drafted with support from Estonia and aligns with EU standards. This law requires incident reporting, as well as safeguards, cooperation, and network standards for all medium-sized or larger internet service providers and entities within critical sectors. It is a step toward increased cybersecurity hygiene and private sector notifications of incidents, as well as compliance with EU standards. Public-private sector collaboration is key to any country's cybersecurity and represents an area where Moldova has significant room for growth.

The cybersecurity legislation is not the only change in the cyber and information technology (IT) domain needed for EU membership. For example, recent changes to Moldova's data protection framework align it closer to the General Data Protection Regulation, which is the EU standard. The EU accession process will continue to drive data compliance, which will have an impact across sectors, changing IT needs and requirements. Moldova will eventually need to comply with the recently passed EU Cyber Resilience Act, which includes standards for electronic devices and data processing used by commercial enterprises.

Moldova's pathway to compliance with EU cyber standards will increase its cybersecurity capabilities. The process of updating these frameworks provides a natural opportunity-across all sectors-to reduce and streamline regulations. This process of overhauling also provides an opportunity to decouple the regulatory authorities for each industry and ensure that they are administered by a properly vetted oversight board with maximum transparency.

However, the implementation of these legislative and regulatory frameworks alone is not enough to deter malign influence. Moldova has a long road ahead in cybersecurity, having fallen 10 points in the Global Cybersecurity Index rankings. The reasons given for this decreased ranking include but are not limited to Moldova's organizational capacity and critical infrastructure protections. These offer some insights into areas that Moldova must strengthen to increase its cyber resiliency.

Q5: How are international partners supporting Moldova's cybersecurity progress?

A5: The United States and international partners are supporting Moldova's cyber development with a wide range of actions from technology education to programs focused on developing Moldova's cyber infrastructure. One important program implemented by USAID and the International Business Machines Corporation in Moldova provides more secure hardware and software but also aims to help the Moldovan government maintain this infrastructure and secure its networks. USAID also supports cybersecurity through its Critical Infrastructure Digitalization and Resilience work, which helps to address a wide range of gaps and priorities. In Moldova that has included, but is not limited to, providing a range of hardware and software to protect and strengthen key information systems within Moldova's cyber-defense infrastructure. Additionally, for the past two years, the Moldovan military has been conducting a cyber-focused training exchange with the North Carolina National Guard. This training exchange builds on the almost 30 years of collaboration between Moldova and the North Carolina National Guard.

The United States is not the only international partner in this space. EU support to Moldova for cyber resilience has also increased since Russia's 2022 invasion of Ukraine. In 2023 the European Union announced the provision of 40 million euros in military aid to Moldova, some of which was specifically focused on cybersecurity. This is in addition to the European Union providing a civilian security assistance mission to Moldova to advise in the area of security, cyberattacks, and disinformation. The bloc also provides support via rapid cyber response teams to Moldova.

This multilateral support does not include the support provided by EU member states bilaterally, nor does it encompass the myriads of Moldova's partners and allies buttressing cybersecurity. Over the past few years, bilateral collaborations have included the Czech Republic and Romania. And over the last decade, these collaborations have included Estonia, a leader in cybersecurity globally. Recent support from Estonia includes a trilateral partnership between Estonia, Moldova, and the United Kingdom to help develop and implement national-level planning, including standards and awareness training. Estonia, a global technology leader, has also provided cyber-defense training in partnership with the European Union.

These efforts are a strong start for improving cyber and tech across Moldova, but more is needed. Moldova must continue to focus on improving the regulatory regime, formal and informal education, secure hardware, and software, as well as increasing public and private collaboration across cyber and tech. Taken together, these important steps will not only increase cross-sector cyber resilience against malign actors but also protect the country's democratic institutions and future economic development.

Daniel F. Runde is a senior vice president, William A. Schreyer Chair, and director of the Project on Prosperity and Development at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Leah Kieff is a senior associate (non-resident) with the Project on Prosperity and Development at CSIS. Thomas Bryja is a program coordinator and Research Assistant with the Project on Prosperity and Development at CSIS.

Programs & Projects