Security Culture and Organizational Resilience in the Context of Cyberwarfare: the Case of Romania

Authors

  • Mihail-George GURANDA Senior Legal and Regulatory Affairs Expert | EU-Level Cybersecurity Policy Specialist | Strategic Advisor in Public Policies
  • Dănuţ MAFTEI Academia de Poliţie „Alexandru Ioan Cuza”

DOI:

https://doi.org/10.53477/2284-9378-26-15

Keywords:

Cyber Warfare;, Security Culture, Cybersecurity;, Cyber Defense, Cyber Crisis;, Threats;, Resilience;, Cyber Governance

Abstract

This article examines the relationship between Cyber Warfare, security culture, and organizational resilience in Romania through the interaction of the legal framework, institutional architecture, and public governance practices. In the context of expanding hybrid conflicts and the convergence of technical, strategic, and cognitive threat dimensions, security culture can no longer be treated as a secondary issue, but as a condition for organizational and state resilience. Methodologically, the study relies on qualitative research combining doctrinal analysis, legal-institutional analysis,and a case study of Romania, drawing on relevant national legislation, the European Union acquis, institutional documents issued by DNSC, ENISA, and NATO, as well as relevant academic literature. The central argument is that Romania’s recently developed normative and institutional architecture, particularly Law no. 58/2023, G.E.O. no. 155/2024, the operationalization of SNAC, and integration with NIS2 mechanisms, creates premises for strengthening security culture and resilience, without automatically guaranteeing the internalization of security behaviours.

Author Biographies

Mihail-George GURANDA, Senior Legal and Regulatory Affairs Expert | EU-Level Cybersecurity Policy Specialist | Strategic Advisor in Public Policies

Mihail George GURANDA is a senior expert in public policy, regulation, and cybersecurity, with extensive experience in developing and implementing the European legislative framework in the field of cybersecurity and digital resilience. He served as Senior Manager for Cybersecurity at the National Cybersecurity Directorate (DNSC), where he coordinated legislative processes and inter-institutional groups for the transposition and
implementation of EU directives and regulations (NIS2, DORA, CRA, CER), as well as the development of secondary legislation and incident notification mechanisms.He is an EU and TAIEX expert involved in technical assistance and legislative assessment missions in countries in the region (Republic of Moldova, Serbia, Albania, Turkey), as well as a DCAF expert in the field of cybersecurity policies and coordinated vulnerability disclosure (CVD).
He has a law degree and a Master's in Information and Media Law from the University of Vienna, complemented by advanced training programs in artificial intelligence, data protection, and cyber certification. He is a speaker at national and international conferences and is involved in European research and cooperation projects in the field of cybersecurity.
Published paperworks:
• „Handbook on European Enlargement“, TCM ASSER Institute, Haga,Olanda,2000/2001 (Co-author);
• The Romanian National Cyber Security Directorate – Strategic project for Romania in the
field of cybersecurity, One Trust Data Guidance, 2021 (Co-author).
Additional details are available on the following website: https://www.linkedin.com/in/ihailguranda-3a99121ba/

Dănuţ MAFTEI, Academia de Poliţie „Alexandru Ioan Cuza”

Dănuț MAFTEI, Ph.D., is currently working for the Romanian National Cyber Security Directorate (DNSC - a governmental body) as a Senior Cyber Security Expert on Policies, Strategies and Cooperation. Meanwhile, he is an EU Expert, working with European Commission/DG NEAR as a speaker for TAIEX workshops on cyber issues, digital affairs, hybrid threats, 5G networks security, foreign information manipulation and interference (FIMI), or protection of national, EU and NATO classified information.
He graduated from the Police Academy in Bucharest and has a PhD degree in Public Order and National
Security. With more than 30 years in the government administration, he has been dealing with foreign policy,
diplomacy, cyber diplomacy, digital affairs, cybersecurity, national / international security, education and
international relations. Dănuț MAFTEI has a law enforcement background mixed with diplomatic expertise developed in post conflict countries (EUFOR/BiH and Kosovo – as Head of the Romanian Diplomatic Mission), and EU countries and institutions (Spain, Belgium/Brussels–EU Council).
During the RO Presidency of the EU Council (2019), as a diplomat of the RO Permanent Representation to the EU and as the Vice-chair of the Horizontal Party on Cyber Issues / EU Council, he was dealing with diplomacy/foreign affairs, cyber diplomacy, cyber issues, digital affairs and international relations.
From 2022, he has been involved in cyber issues, cooperation, international relations and cyber education
within DNSC, Bucharest, Romania.
Meanwhile, he is an EU expert on cyber, hybrid threats and foreign interference issues.
He is the author or co-author of several articles and scientific papers:
• “Three Warfares” versus “Hybrid Warfare”. New Generation Warfare – New approaches and
challenges.
• Lessons learned on cybersecurity project proposals for successful EU grant applications.
• Risks, threats, and vulnerabilities related to social media platforms and search engines. Regulation
and national legal frameworks.
• The Cyber Competences Act - a Vital EU Regulation Concerning Mandatory Certification of
Critical Network and Information Systems’ Operators across the European Union.
• International organizations and national seconded experts. Supremacy, security, strategic national
interests and foreign policy.
• Risks, threats and vulnerabilities related to EU Classified Information within CSDP missions and
operations.
• The way several European countries use to achieve their strategic and security objectives by
involving the national experts seconded to international organization. Case study: United
Kingdom and the Netherlands.
• The „Lessons Learned” concept and its strategic importance for organisations’ efficiency in fields
of security and crisis management.
• Risk analysis on Romania's participation with Seconded National Experts in international civilian
missions and operations.
• SWOT analysis on the subject “Public Order on national territory”.
• Security measures taken by national authorities against persons fighting as mercenaries in conflict
zones.
• Anxiety and its consequences on the organizational climate within the institutions of the national
defense, public order and national security system.
• Conceptual developments in collective security in the Euro-Asian and wider Black Sea area.
• From city-states to megalopoleis. Strength versus weakness
• Asymmetric threats, classified information management and the right to information. Protecting
classified information outside the authorization framework.
ORCID - ID 0009-0003-8115-4430
Additional details are available on the following website: https://www.linkedin.com/in/danutmaftei-phd-39418a68/

Downloads

Published

2026-04-09

How to Cite

GURANDA, M.-G. ., & MAFTEI, D. (2026). Security Culture and Organizational Resilience in the Context of Cyberwarfare: the Case of Romania. BULLETIN OF "CAROL I" NATIONAL DEFENCE UNIVERSITY, 15(1), 252–265. https://doi.org/10.53477/2284-9378-26-15

Issue

Vol. 15 No. 1 (2026)

Section

Articles

License

The published articles are subject to copyright law. All rights are reserved to the “Carol I” National Defense University, regardless of whether all or part of the material are considered, especially the rights to translation, reprinting, re-use of illustrations, quotations, broadcasting through the media, reproduction on microfilms or any other way and storage in data banks. Any replicas without the associated fees are authorized provided the source is acknowledged.