Cybersecurity in Emerging Europe and Central Asia

May 2022 – With the invasion of Ukraine and a substantial increase in cyberattacks on governments, critical infrastructure and other strategic targets, the topic of cybersecurity has gained even more importance. Below is an overview of the steps that national security authorities have taken to strengthen national security.


  • On 24 November 2021, the Bulgarian government designated the State e-Government Agency as a national coordination centre for the purposes of Regulation (EU) 2021/887. The establishment of the coordination centre is expected to contribute to achieving a high level of network and information security, thus boosting the standards and sustainability within cybersecurity.
  • In relation to the situation in Ukraine, the Ministry of e-Government issued a statement on 27 February stating that its personnel and the Cybercrime Department within the Ministry of Interior are taking appropriate action for the security of electronic systems, including the filtering of access to over 45,000 internet addresses. The message was not directly related to Russia, but it mentioned hybrid attacks and the increased threat of malicious internet interference.
  • The State e-Government Agency has also sent notifications to telecommunication operators and companies operating public communication networks, which have an obligation to stop malicious internet traffic.
  • An additional response to the situation in Ukraine from a cybersecurity perspective is the comprehensive actions taken by the Cyber Security Council to the Council of Ministers to protect critical and strategic systems within Bulgarian state institutions. The Minister of e-Government reassured the public that Bulgaria is not in a state of cyber war, shortly after the above-mentioned statement from the Ministry of e-Government, while at the same time signalling that the Ministry is working actively with companies to purchase detection, protection and neutralisation solutions to cyberattacks to safeguard all state information systems.


  • On 24 and 27 February 2022, the Croatian National Cyber Security Authority (“CERT”) issued warnings of possible cyberattacks connected to the Russian invasion of Ukraine.
  • CERT has recommended all citizens to be cautious when opening content related to the Ukrainian situation, as such content might be part of phishing campaigns, hoax news or malware. CERT recommended that each company should:
    • regularly follow CERT’s publications;
    • forward CERT’s educational materials to its employees;
    • instruct its employees to report any suspicious activity to its dedicated security department or to CERT;
    • implement measures to prevent and limit damage from DDoS attacks;
    • implement multifactor authentication and limit access to its network; and
    • implement rules on the use of social media accounts.


  • According to the director of the country's National Cyber Security Directorate (the “DNSC”), Dan Cîmpean, Romania recorded a "spectacular rise" in the number of cyberattacks aimed at its infrastructure shortly after Russia's invasion of Ukraine. At one point, four days after Russian troops entered Ukraine, Romania's cybersecurity authorities saw an increase in cyberattacks by roughly 100-fold.
  • Several threads and recommendations have been posted by the DNSC, such as:
    • In the context of the military conflict in Ukraine, special attention should be given to fake online news. Several websites hosted in Russia have copied the visual identity and content of well-known news websites in Romania (, Capital, BZI, These actions imply fraud and possible disinformation. Sources should be checked and accessed directly, not through links received via suspicious communication channels;
    • Several official communications regarding fake news were made in the context of the conflict in Ukraine, including putting in place a list of fake websites and IP addresses involved in malware attacks and phishing campaigns directed at Ukrainians or members of European governments involved in assistance to refugees;
    • Several fake initiatives impersonating assistance actions for refugees have been flagged;
    • A recommendation to avoid giving any personal data or financial data via Whatsapp in response to messages regarding employment offers;
    • A recommendation to be cautious of messages regarding fake Bitdefender updates that spread malicious files (links or attachments informing of an urgent need to update).


  • On 21 February 2022, the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (the “Serbian National CERT”) published a guide entitled “Protect Your Company and Employees: How to Act if Your Electronic Mail is Attacked and How to Protect Your Accounts” (the “Guide”).
  • The Guide illustrates the following:
    • reasons why electronic mail may be the target of attackers;
    • manners in which attackers may gain unauthorised access to electronic mail;
    • methods to determine whether electronic mail has been accessed by attackers;
    • steps to undertake in order to mitigate the consequences of an attack; and
    • preventive steps that could protect electronic mail from future attacks.
  • In addition to the Guide, there are several other publications on the official website of the Serbian National CERT that seek to promote awareness to businesses and individuals of the constant threats in cyberspace and offer guidance on how to minimise the accompanying risks.


  • On 23 February 2022, the Slovak National Security Authority (the “Slovak NSA”) issued a warning of cyberattacks on elements of critical infrastructure.
  • The Slovak NSA recommended that all organisations do the following:
    • perform a cybersecurity audit;
    • update risk analyses considering the current geopolitical situation;
    • apply a strict password policy;
    • implement and enforce authorisation with multiple steps; and
    • other steps to ensure the utmost safety of cyberspace and the data within it.
  • The Slovak NSA did not directly connect the warning to Russian attacks, but issued the warning in light of the recent situation in Ukraine and previous cyberattacks in the region.
  • In addition, the Slovak NSA announced that it has taken precautionary measures against the leakage of classified information to foreign powers and unauthorised persons. This announcement came shortly after recent news that the Slovak police had detained several persons in connection with spying for Russia. Persons close to defence forces or to members of parliament were among the detainees.


  • On 17 March 2022, the Turkish Information Technology and Communication Authority (the “ITCA”) organised the e-Safe CyberSecurity Summit regarding cybersecurity weaknesses in the public and private sectors.
    • The President of the ITCA, Ömer Abdullah Karagözoğlu, underlined the increasing number of cyberattacks and the importance of cybersecurity;
    • Karagözoğlu mentioned 5G in relation to cyberattacks, explaining that some of the current security concerns relate to 5G networks, while others are related to devices connecting via 5G;
    • He also highlighted the importance of adhering to standardisation studies conducted by international standardisation institutions such as ITU, ENISA and ETSI, etc.
  • On 29 December 2020, the President of the Turkish Republic issued a circular and announced the National Cybersecurity Strategy and Action Plan (the “Action Plan”) for the 2020–2023 period.
    • The main objectives of the Action Plan are stated as follows:
      • to protect the cybersecurity of critical infrastructure;
      • to develop national technological tools for operational needs; and
      • to enhance the competencies of teams fighting cyber threats.
  • Within the scope of the Action Plan, the National Cybersecurity Intervention Center (the “NCIC”), a subsidiary of ITCA, plays a role in Turkey’s defence against cyberattacks and works to boost cybersecurity.


  • Over 3,000 DDoS attacks have been reported by the State Service of Special Communication and Information Protection of Ukraine since 15 February 2022. The highest recorded intensity reached 275 DDoS attacks per day. Most attacks were directed at information resources of state authorities and at the financial and telecommunications sectors.
  • As a countermeasure, on 24 March 2022, parliament adopted amendments to the Criminal Code of Ukraine to substantially strengthen the existing liability for committing cybercrimes. In particular, any unauthorised interference with communications networks committed during martial law may be punishable by imprisonment for up to 15 years if such interference leads to leakage, loss, forgery, blocking of information, distortion of information processing or its routing, and/or if the above causes significant damage or creates a danger of serious technological or ecological accidents, death or mass disease of the population. These changes will come into force upon approval by parliament and signature of the president.
  • The State Service of Special Communication and Information Protection of Ukraine offers its assistance to Ukrainian businesses on an individual basis by creating robust cybersecurity systems for their IT infrastructures.
  • In March 2022, Ukraine become a Contributing Participant of the Cooperative Cyber Defence Centre of Excellence (the “CCDCOE”), one of NATO’s Centres of Excellence, based in Tallin, Estonia, which is responsible for the cooperative cyber defence capability of NATO and NATO nations. Ukraine’s participation in the CCDCOE will facilitate the exchange of experience and best practices in combating cyber security threats.

For more information, please contact Lukáš A. Mrázik, Firm-wide Co-Head of Data & Cybersercurity, at .

    • SHARE