Euro-View: Edvinas Kerza on Lithuania’s cyber security
A few years ago Lithuania took the steps deemed necessary to create its overall cyber security. Legislation was passed; institutions were selected to oversee various aspects of security (information, electronic, cyber, etc.); military and civilian responsibilities were apportioned, and so on. That was at the beginning of 2015 at a time when we thought our country’s adaptation and implementation of cyber policy was complete. It was a significant start.
But… then we took a look at the cyber security field from a different angle. We discovered that our societal, business and governmental entities all found it difficult to carry out the appropriate level of responsibility or to connect with the right institution in case of emergency.
Lithuania’s Ministry of Defence subsequently determined that the functions of the country’s cyber and electronic security institutions overlapped and, moreover, that the public sector’s financial resources and cyber security personnel were deployed inefficiently. Too many specialists from too many different agencies were in charge of or tasked with the same issues.
It is crucial to bear in mind that there is no “peace time” in the cyber world. This places unyielding pressure on our public structures. So we asked ourselves a number of questions. Were all those security issues really so different from one another? Should different components of the public sector compete with each other in trying to attract well trained cyber experts to their organisations? And why was it that citizens had to guess who was responsible for what?
A key challenge has been to share the expert knowledge that our Defence Ministry and its agencies have gained from training and other exercises with NATO, the EU and the partner countries of both organisations.
Such matters of cyber security for our public sector and the lessons learnt gained from our interactions with NATO and EU countries lay behind the reasons for an acceleration of Lithuania’s cyber security policy during the first half of 2017.
This evolution saw the Ministry of Defence take on the role of leadership for Lithuania’s overall cyber and electronic security. The decision was taken by the government to consolidate all cyber responsibilities under the Ministry in order to create a single “window” for everyone, to ensure the sharing of our cyber experience with others and, finally, to strive for the best solution regarding civil-military synergies in cyber security.
Each and every day our Ministry and its agencies are working with NATO and the European Union, both of which have access to classified information on security matters. They also can turn to national intelligence services when needed. NATO’s approach, especially, is to train and prepare itself in the cyber domain as it would for times of conflict.
Such considerations formed the core of our central argument for putting Lithuania’s cyber security and defence under our Ministry. While other parts of the government responsible for transport, interior affairs or intelligence, for example, are also heavily dependent on cyber space, they cannot necessarily match our ministry’s cyber expertise. Thus, it made sense to centralise cyber security under our aegis.
Lithuania’s state-wide cyber security reform has thus begun and will result in the formation of new system, expected to start its functions in the first quarter of 2018.
A Unified National Cyber Security Centre under the MoD will be the main computer emergency response team (CERT) that links our country’s public, private, governmental and military spheres together. It will be responsible for protecting all of Lithuania’s cyber space and managing its cyber incidents.
The new Centre will carry out two other important tasks as well. The first will entail the accreditation of all types of IT systems and networks in Lithuania. The second will focus on R&D, together with the planning and execution of joint training of personnel, while overseeing exercises for other institutions and their employees.
We see great value-added in providing an opportunity for civilian and military cyber experts to work together on a daily basis. The emerging synergies of this should considerably enhance our collective know-how. And it will testify to the fact that we are all keenly aware of what to protect – and how to do it – not only during times of peace but in times of crisis and war, if needed.