Policies for guaranteeing cybersecurity in Bulgaria - this was the subject of a five-hour discussion at the Consultative Council on National Security, headed by the President with the participation of representatives of the government, heads of parliamentary groups and of special services.

The country currently faces problems that are more serious such as the demographic crisis, for example, a problem the biggest opposition force in the country, the Bulgarian Socialist Party stated it wanted discussed at consultations with the president in March. Evidently, cybersecurity is now higher up on the agenda of the consultative body because the problems it entails are growing more and more intolerable and hackers have been perpetrating acts more and more outrageous.

An illustration of the growing arrogance of hackers is the fact that minutes after a meeting of the Consultative Council was convened on 14 April, the website of the presidency was hacked. Last year it was hacked again after the Bulgarian head of state demanded that the State Agency for National Security investigate the hacking of the sites of the Interior Ministry and of the Central Electoral Commission on the day local elections were held in the country.

The Council ascertained that cyberattacks on state institutions and private companies, airports and other elements of the critical infrastructure were growing more and more frequent. A considerable amount of personal data of Bulgarian and foreign nationals has been leaked, websites of institutions and administrations have had their content substituted for anti-democratic or radical propaganda, sensitive information has been appropriated that entails financial loss for Bulgarian and international companies.

The special services have not disclosed who was behind the cyberattacks on election day. But inefficiency in combating these attacks is just one side of the problem, because the Consultative Council on National Security has also registered a string of flaws in prevention. Bulgaria has no national or sectoral policies that would put in place a minimum of security standards. The use of outdated operating systems and unlicensed applications and devices is widespread. The end user in the state administration is not in possession of a sufficient level of computer competency or skills whereas the number of cybersecurity experts is insufficient even at departments from the sphere of national security.

It should be noted here that the existence of these problems was acknowledged some time ago and as of September 2014 Bulgaria has had a national cybersecurity coordinator, though no tangible effect has come of it. In 2014 Defence Minister Velizar Shalamanov sounded the alarm that “something that takes 3-4 months to be accomplished in NATO takes 3 years in Bulgaria in a sphere in which technologies change every four months and the complexity of cyberattacks is growing with every passing day.” Two years later after one more sitting of the Security Council, Prime Minister Boyko Borissov gave no reason for optimism when he said that in the sphere of cybersecurity the measures taken are never enough because with the IT revolution as it is hacker attacks catch up with technology every day. And added that even the world's leading intelligence services were going back to using their old typewriters.

Still, the decisions of the Consultative Council on National Security do not mean going back to the old typewriters, what they involve are a dozen or so measures and recommendations to parliament and the government. The advice to the National Assembly is that it should give priority to the adoption of the draft on amendments to the E-government Act that envisage creating an E-government State Agency and a Single System Operator State Enterprise, to the government - to adopt the Cyber-sustainable Bulgaria, 2020 national strategy.

The ministries of the interior, of defence and of transport, as well as the special services must be given additional financing for more cybersecurity experts as well as for new equipment for preventing and countering cyberattacks. The Defence Ministry was asked to assume a more active role in the annual NATO Cyber Coalition exercises. We can only hope that we really are entering a new phase in cybersecurity where the widespread belief that Bulgaria is too insignificant to interest hackers in a big way is no longer valid.

English version: Milena Daynova