The Baltic countries are on edge as they anticipate the cyber-threat from one particular neighbour
The Baltic countries are on edge as they anticipate the cyber-threat from one particular neighbour

Since Russia's intervention in eastern Ukraine, the three Baltic States  -  Estonia, Latvia and Lithuania -  have been particularly worried they could be the next targets of military aggression. While a conventional attack remains a major source of fear in Vilnius, Riga and Tallinn, cyber-attacks are increasingly perceived as a potential hybrid warfare threat by the Baltics.

“Russia plays a very significant part in the Central-Eastern European region which is reflected in the origin of attacks targeting this region,” Maroš Kirňák, the director of the cyber-security programme at the Slovak Security Policy Institute (SSPI), told SC Media UK.

Today, numerous eastern NATO member states worry about the potential impact of Russian cyber-warfare, as well as the pro-Kremlin activism that has spread on various social media networks.

Local observers say these phenomena have amplified since Russia's takeover of eastern Ukraine in 2014. Jakub Janda, the deputy director for public and political affairs at the Prague-based think tank, European Values, told SC that the Kremlin has orchestrated disinformation campaigns throughout the region in the wake of the military intervention in Ukraine.

Estonia invests in ‘digital society'

Tallinn has been developing its cyber-warfare capacities since 2007 when a string of cyber-attacks managed to shut down the websites of various Estonian public authorities, financial institutions and media outlets, including the country's parliament and the Bank of Estonia. The Estonian government accused the Kremlin of orchestrating the attacks, and local observers said that they were designed to undermine Estonians' trust in the digital society concept. The country was the first in the world to allow online voting based on an ID which doubles as a smart card enabling remote authentication and the signing of legal documents.

Anna Piperal, E-Estonia Showroom managing director at state-run agency Enterprise Estonia, tells SC that the digital society has become a permanent feature of the country's political system, and it has allowed an “unprecedented level of transparency and accessibility in government.”

“Trust is the foundation of a digital society. This is why Estonia has largely invested into [developing its] cyber-security infrastructure. We have implemented confidentiality, availability and integrity solutions that work together for keeping us safe. Data Embassy is our next step to bring data out of the country and backup it in different places around the world with the help of the KSI blockchain,” according to Piperal. “Provision of Estonian e-services costs 400 times less than it costs to provide the same services in the UK.”

The country's Cyber-Security Strategy for 2014-2017 states that “cyber-security-related cooperation has been successful on the regional level between the Nordic countries and the Baltic States”. Since 2009, a Cyber-Security Council has been established, and the Estonian Internal Security Service has “strengthened its investigative capabilities to prevent threats to national security, including cyber-attacks and espionage.”

Lithuania develops National Cyber-Security Centre

Lithuania launched its National Cyber-Security Centre (NKSC) last year following the signing of a cyber-security law that enabled the transformation of the Lithuanian Defence Ministry's Communications and Informations Systems Service (CIRT).

The legislation which allowed the cabinet to establish the NKSC was passed last year, formally establishing the centre, but the new entity began its operations last July. The NKSC was set up through a transformation of the Lithuanian Defence Ministry's Communications and Informations Systems Service.

“The main reason to launch the National Cyber-Security Centre was the will to put greater focus on cyber-security within the public sector, and the growing concern about the safety of critical national enterprises. The NKSC was created on the basis of the former military CIRT which had experience in dealing with cyber incidents,” Rimtautas Cerniauskas, the head of the NKSC, told SC.

According to Cerniauskas, the main reason behind its establishment was “to consolidate the efforts of public institutions, spread … cyber-awareness and provide help in dealing with cyber incidents on the government networks” in cooperation with other state institutions, including the cyber-crime unit of the Lithuanian Police, the Communications Regulation Authority, and Lithuania's data protection agency. The NKSC plans to operate a specialised information platform that will inform government institutions about the latest cyber-threats and incidents that target their networks, Cerniauskas says.

Latvia struggles against pro-Kremlin online trolling

Latvia has adopted a Cyber-Security Strategy for the years 2014-2018. The document calls on the authorities to improve “the ability of CERT.LV to observe, analyse and prevent IT security incidents” and develop its “resources and competences to perform centralised security tests.”

This said, the available information suggests that Riga puts less emphasis on developing the country's cyber-defence capabilities than the remaining two Baltic States, where authorities continue to develop relevant institutions to deal with cyber-attacks.

Latvia's capital Riga is home to the NATO Strategic Communications Centre of Excellence which commissioned a study, ‘Internet Trolling as a hybrid warfare tool: the case of Latvia', identifying online trolling as an element of Russia's hybrid warfare tactics.

“In the context of the Ukraine crisis, the aim of hybrid trolls has been to promote the Kremlin's interests and portray Russia as a positive force against the ‘rotten West' and the US hegemony,” the study says.

Ukraine bans Russian websites

As the armed conflict against pro-government forces and Russia-backed rebels continues in eastern Ukraine, so too does the conflict over information. In May, Ukrainian President Petro Poroshenko issued a ban on a number of Russian-owned Internet businesses. These include Russia's leading social media websites VKontakte and Odnoklassniki, as well as search engine Yandex and e-mail provider

“The spread of fake news has caused the social networks to become another field of combat in cyber-warfare,” professor Marek Jabłonowski, a political scientist from the University of Warsaw, told SC.

Last year, in response to a notable increase in the number of cyber-attacks on Ukraine's IT infrastructure, the Ukrainian authorities approved a new cyber-security strategy which foresees new standards for the country's cyber-security in line with the EU and NATO standards, and calls for an increase in research and development (R&D) activities in the sector.

Belarus limits access to separatist websites

Contrary to other countries in the region, Belarus maintains close military cooperation with Russia and is a member of the Moscow-backed Collective Security Treaty Organization (CSTO) which is designed as a counterbalance to NATO.

Similarly to neighbouring Ukraine, the Belarusian authorities have taken steps to limit the activities of websites they consider a threat to state security. In the past, a large number of cyber-attacks against Belarus-based websites were directed against websites critical of the country's President Alexander Lukashenko, such as the DDoS attacks that targeted Charter ‘97 and the Belarusian-language version of Radio Liberty's website. However, in the aftermath of the Russian intervention in Ukraine, the Belarusian authorities have become increasingly interested in Russian nationalist websites that speak against Belarusian independence.

Earlier this year, the Belarusian Ministry of Information has limited access to a Russian website on the grounds of inciting nationalist hatred and separatist propaganda, after a court in Minsk ruled the website to be “extremist”, as reported by local broadcaster Belsat.

Finland to develop existing cyber-security institutions

In Finland, the easternmost member of the Nordic Countries, the state-run Security Committee coordinates the cyber-security activities at state level, but its efforts are complemented by the activities of other public institutions, according to Maria Kellokumpu, a spokesperson for the Finnish Communications Regulatory Authority (FICORA).

"Cyber-security is regarded as an important element of the comprehensive security of our society. Over the past few years, Finland has taken several steps in order to improve state's and society's cyber-security. For example, we created a national cyber security centre at the FICORA in 2014, and a similar centre for cyber-crimes was established at the National Bureau of Investigation of the Finnish Police,” Kellokumpu tells SC. "At the moment, there are no plans to establish new institutions related to cyber-security.”

According to the FICORA's spokesperson, although "the Finnish networks are among the cleanest in the world, we work to further improve our cyber-security.”

It is noteworthy that the Finnish Security Committee recently released a new public cyber-security implementation programme for the years 2017-2020.

The document states that the "most noteworthy cyber threat trends in recent years have been the growth of ransomware, the exploitation of vulnerabilities, threats against devices as well as hacking business operations or breaches of personal data. Also, hoaxes, phishing, denial-of-service attacks and targeted attacks are still relevant threats. The most attacked branches particularly include the health sector, manufacturing and production, banking and financing, the public administration as well as the transport and haulage sector.”

The document recognises that Finland "will likely see increasingly sophisticated cyber-attacks and more leaks of information in the future” and calls for the “consideration of cyber self-sufficiency, i.e. securing a sufficient autonomous capability for maintaining the critical infrastructures”. However, it does not point to any particular countries or regions from which such attacks on the country's infrastructure could originate.