Cyberattacks can paralyze critical state institutions and companies
According to A. Tumkevič, the gravest danger arises when cybercriminals attack objects of strategic importance to the state.
“Cyberattacks can disrupt the work of the media and of various institutions and companies vital to national security. In 2016, Lithuania experienced a cyberattack that, as experts agree, was one of the largest in Lithuania’s history. When the server of the committee on Informational society development, guarded by the state-owned firm “Infostruktūra” was attacked, the so-called DDoS (denial of service) attacks hit the websites of the Lithuanian Parliament, Presidency, Government, most ministries, and many state institutions, including the State Tax Inspectorate and the Central Project Management Agency,” notes A. Tumkevič.
Most of the attacks come from Russia
A. Tumkevič notes that most cyberattacks worldwide are tied back to Russia. Other states that employ aggressive cyber activities include China, Iran, and North Korea.
“Last year, cyberattacks hit the British media, as well as the telecommunications and energy sectors in the United Kingdom. Similar attacks hit companies that operate nuclear power plants and other nuclear facilities in the US. Estonia and Latvia experienced massive cyberattacks against the media this year. The vast majority of these attacks indicate Russian involvement,” emphasizes A. Tumkevič.
In response to the Russian cyberattacks against the UK and the Netherlands, Jens Stoltenberg, the Secretary-General of NATO, has urged the Kremlin to immediately cease such activities and emphasized that NATO will stand in solidarity with the countries targeted with the attacks.
The media is a regular targeted
According to A. Tumkevič, the media regularly become targets of cyber criminals, especially when their aim is to spread various kinds of disinformation.
“Often, the purpose of cyber and informational attacks against the media is to spread false or misleading information, propaganda, or disinformation. This year, cyber criminals broke into the TV3.lt website and planted false information about Raimundas Karoblis, the Lithuanian Minister of Defence. The purpose of such attacks is usually to question Lithuania’s national security interests, to spread distrust in state institutions, officials, and the system of national defense, to discredit the EU and NATO in the eyes of the citizens,” lists A. Tumkevič.
Lithuania builds its cybersecurity by cooperating with the EU, NATO, and other partners
To build resilience against cyberattacks, Lithuania finds international cooperation increasingly important.
Lithuania, as a member of the European Union, NATO, the United Nations, and the Organization for Security and Co-operation of Europe (OSCE), actively supports the efforts of the international community to strengthen and develop cybersecurity.
Cooperation with the US, on cyber issues as much as anywhere, is also very important to Lithuania. Every year, Lithuanian representatives participate in international cybersecurity consultations between the Baltic states and the US. Both states cooperate on questions related to critical infrastructure security, share relevant information on cybersecurity issues. Lithuania has also joined the US (and many other nations) in condemning Russia for organizing “NotPetya” and other cyberattacks in recent years.
NATO has compared the cyberspace with a war theatre, to which the Article 5 norm applies: “an armed attack against one or more (NATO members) shall be considered an attack against all,” and all members will “immediately” help the victims of such an attack.
Within the EU, meanwhile, there are discussions that, in an event of obviously damaging cyberattacks with sufficient proof, diplomatic sanctions or other security measures would be applied to the individual or the state that carried out the attack. Lithuania has also taken initiative to establish a Cyber Rapid Response Teams and Mutual Assistance in Cyber Security – this project is among the first approved within the EU’s Permanent Structured Cooperation (PESCO) initiative.
At OSCE, there has been an agreement on 16 trust-building measures in the cyberspace. Lithuania abides by the OSCE rules on the behavior in the cyberspace, such as informing partners about cyberattacks or harmful activity, information sharing, not allowing harmful activities directed at other states to take place inside own territory, etc.