June 1, Vice Minister of National Defence Greta Monika Tučkutė and Director of the National Cyber Security Centre (Lith. NKSC) under the MoD Liudas Ališauskas reviewed the current cybersecurity situation in Lithuania nad presented the main achievements this year.
“Last cybersecurity years was marked by different challenges and important tasks. The war in the neighborhood had implications on Lithuania’s cyberspace as well. Lithuania has withstood the cyber-attacks and took away valuable lessons, while our attention to cybersecurity today has been stepped up like never before,” says Vice Minister of National Defence.
In addition, Vice Minister underscored that Lithuania was maintaining high-level vigilance due to the number and character of detected incidents that showed continued activity and diverse mean used by malign actors in cyberspace.
Decreasing number of cyber-incidents in the first quarter of 2023
According to NKSC Director, the National Cyber Security Centre recorded 573 cyber-incidents in the first quarters of 2023, which is 1.8 times less than during the same period last year. The number of medium severity incidents remained similar as last year (7 incidents as compared to 8 incidents identified in the first quarter of 2022). However, even 6 of the 7 were ransomware attacks in reflection of the global rising trend by ENISA named as the most significant cyber threat for two consecutive years.
Cybersecurity training and exercises remains an important direction of NKSC activities. “We are conducting basic level cyber hygiene training, a cybersecurity training programme for public sector employees, an industrial technology cybersecurity course has been launched for Lithuanian military personnel, representatives of critical infrastructure companies and Ukrainian military. The widely prominent NKSC exercise Cyber Shield has developed into a three-phase event this year: strategic level political planning exercise with Allies Cyber Shield STRATEX 2023, then, Cyber Shield PhishEx 2023 to which we invited as many as 300 organisations in our country, and finally, the one-day largest national cybersecurity exercise Cyber Shield OpEx 2023 due in October, over 300 organisations will be invited to attend this time as well,” NKSC Director reviewed the situation.
Ahead of the NATO Summit in Vilnius
When addressing the near-term plans or cybersecurity activities Vice Minister G. M. Tučkutė noted preparations for the NATO Summit in Vilnius in July. Cyber Champions Summit in Vilnius this April consolidated the ties with Indo-Pacific countries on cyber security and paved the way for upcoming Alliance decisions in the area.
The Alliance took a decision in Madrid a year ago to launch a voluntary NATO virtual rapid response cyber capability based on national assets. “Lithuania looks forward to an agreement in this regard and an approval of the decision to develop the capability at the NATO Defence Ministers’ meeting in June, as well as at the NATO Summit in July in Vilnius. As a member state with significant experience in leading the EU Cyber Rapid Response Teams, Lithuania undoubtedly has know-how and experience to contribute,” said Vice Minister.
In its turn, the National Cyber Security Centre completed a cybersecurity risk analysis in organisations which will be responsible for ensuring functionalities at the NATO Summit in Vilnius. The analysis took into account 1578 risk scenarios that could potentially affect 163 pieces of assets pertaining to the event (e.g., different software and hardware, human resources, suppliers, quarters, etc.). According to NKSC Director, every establishment that will play a role in the event has been already notified about the identified unacceptable cybersecurity risks and obliged to mitigate it to a tolerable level. The National Cyber Security Centre has also presented a list of recommendations to all such establishments on risk management measures.
EU directive to legislation
When addressing the longer-term priorities in cybersecurity, Vice Minister pointed out the need to review the entire organization of cybersecurity measures in our country as the key necessity. “We are committed to do so by the European Union Network and Information Security NIS2 Directive approved into force in the beginning of this year and due to implementation in Lithuania by next fall,” noted Vice Minister. The Directive essentially rewrites all EU and member states’ cybersecurity provisions principles. Implementation of the Directive will facilitate a higher European cybersecurity level and more efficient response to incidents during crises. “Our joint work with the other Ministries has already begun to draw a preliminary list of critical and important entities to which the new criteria will apply. We are watching the list double and triple, new sectors are included as well, the rule of limit size has been introduced to bring in all medium-sized companies into the list of regulated entities,” Vice Minister told.