The latest edition of the Global Cybersecurity Index, an annual study released by the International Telecommunication Union, shows that even relatively small countries with limited budget resources can make significant leaps to the top of the rankings by investing in their cyber-security capabilities.
The example of Lithuania, a country with a population of roughly 2.8 million, presents just such a case. The state has successfully positioned itself as a leading Eastern European player in the field of cyber-security, as indicated by the GCI 2018 which ranked it as fourth out of 175 states included in the report, preceded only by France, the US, and the UK respectively.
Lithuania’s advancement in the study is due to several administrative reforms and legislative initiatives its authorities carried out over the past few years to pave the way for a strengthened cyber-security framework.
Asked about the reasons behind Lithuania’s surge in cyber-security efforts over the past years, Ausra Vaitkeviciute, an adviser at the country’s Ministry of National Defence, told SC Media UK.com that the ITU has recognised Lithuania's efforts in consolidating state-run institutions responsible for cyber-security.
"To consolidate functions and resources, which were previously scattered among various institutions into single entity, the National Cyber Security Centre (NCSC) has been created. Consolidation has helped to concentrate best expertise and avoid (often inefficient) inter-institutional interaction issues, thus enabling faster decision-making and response time," according to the GCI 2018 report.
As part of its efforts, Vilnius decided to appoint a deputy defence minister dedicated to overseeing cyber-security, reinforce the country’s Cyber-Security Council and expand the range of participating stakeholders, create a strong CERT, and impose high cyber-security requirements on governmental institutions and private players that supply essential services to the state, according to Vaitkeviciute.
"Lithuania has intensified its international cooperation and shown leadership in cyber-security by launching new initiatives. The two flagship initiatives are the Lithuania-led Cyber Rapid Response Teams project in which seven other EU member states participate, and the establishment of a Regional Cyber-Defence Centre in close cooperation with the US in Kaunas," Vaitkeviciute said.
"Thirdly, the Ministry of Defence has intensified its public-private partnerships and cyber-awareness campaigns. One of the concrete deliverables came in 2018 when the ministry signed memoranda of understanding with the country’s main media outlets on cooperation in the cyber field, including on training, exercises and assistance in incident management."
Since 2018, Lithuania’s CERT, the National Cyber-Security Centre, is the country’s main institution responsible for cyber-security, acting as a one-stop-shop in providing assistance to government institutions, the military, businesses, and residents.
Rimtautas Cerniauskas, the former head of the NCSC and the institutions founder, told SC Media UK that, "the main goal of the NCSC is to consolidate the efforts of public institutions, spread the ideas of cyber-awareness and provide help in dealing with cyber-incidents on the government networks".
The institution’s creation was facilitated through the adoption of Lithuania’s Cyber Security Law which defined the centre’s role and its cooperation with other state institutions. These included the Lithuanian Police’s cyber-crime department, the Communication Regulation Authority which deals with citizen-related cyber-incidents, and Lithuania’s Personal Data Protection Agency which deals with incidents related to personal data, according to Cerniauskas.