Dalia Bankauskaitė
Senior Non-Resident Fellow
Center for European Policy Analysis (CEPA)
Washington DC, USA
Partnership Associate Professor
Vilnius University
Lithuania
When Lithuania implemented the fourth package of EU sanctions in June 2022, in effect stopping the transit of sanctioned goods into the Kaliningrad exclave by rail, the Russian regime retaliated with threats and cyber-attacks, rallying distributed denial-of-service (DDoS) attacks via a Telegram group. But instead of causing a state-wide outage, it contributed to a national retaliation across all sectors, potentially opening new geoeconomic opportunities for the country’s tech ecosystem.
Hybrid: Propaganda-driven cyber ops
Seemingly responding to orders, Killnet, a hacking group linked to Kremlin, took up the job and demanded to continue the transit of goods into Kaliningrad, while directing DDoS attacks on the Lithuanian tax authority, police, and state energy group, Ignitis, among others.
Edvinas Kerza, the former Lithuanian Vice-Minister of Defence and the current Head of Ignitis Group’s Business Resilience function, says the attacks failed to disrupt the group’s operations. “It turned out to be a superb training exercise – for continuity processes as well as our people, and our machine-learning algorithms.”
Cyber security experts see such warfare as a hybrid, because of the drive to generate propaganda in Russia, rather than seek more tangible damage. “The attacks originated on a particular Telegram group of around 90,000 activists, who could all download a particular software that helps direct DDoS. Initially, Killnet had offered this on the “software-as-a-service” principle. For about 1350 USD, a client could use the group’s services to DDoS a business competitor. Someone at Russian FSB must have seen the potential, and deployed this on a national scale, later bragging about the supposed “take-down of Lithuania” on the same group”, says Mr Kerza.
Total defence and the cyber state of emergency
The origins of cyber resilience go back over a decade. In the wake of the 2007 Russian cyber-attack on Estonia, Lithuania put cybersecurity high on its political agenda and decided to build up relevant capabilities: adopting the Cyber Security Law in 2014, launching the National Cyber Security Centre in 2015, preparing the Cyber Security Strategy in 2018, and establishing Vice-Ministerial position for Cyber Security within the Ministry of National Defence. Within a few years, Lithuania has become one of the leading cyber states: ranked 4th globally and 2nd in the EU in the ITU Global Cybersecurity Index, with the highest scores in the legal, technical, organizational, and cooperation domains.
Today, Lithuania follows two parallel directions: building up national cyber security capabilities and strengthening mutual interstate assistance capacities. The Lithuanian Armed Forces have a cyber security unit and run integrated drills annually, such as “Amber Mist”. Cyber security scenarios have also become an integral part of the military as well as the mobilization exercises.
Lithuania also initiated and leads the PESCO CRRT and Mutual Assistance in Cyber Security project, and is also among the leaders of one of the five Counter Ransomware Initiative (CRI) clusters. On February 22, 2022, the Lithuanian-led EU CRRT was activated in response to Ukraine’s request to help Ukrainian institutions “to cope with growing cyber threats". However, Russia’s invasion of Ukraine on February 24, 2022, impeded the mission.
Given the country’s track record, Mr Kerza recommends Lithuania tackle the ongoing Russian cyber-attacks with an innovative crisis response model - a digital state of emergency: “heads of state should not be afraid to proclaim a state of emergency in the cyber domain. As we comprehensively guard our physical borders, we should defend the cyber “border” as well.”
Geopolitical insurance and spillovers into deep tech
Dominykas Milašius, Co-founder of Delta Biosciences, a deep tech start-up, and Investment Partner with Baltic Sandbox Ventures fund, argues that this round of cyber warfare against the Baltic nations (and even the US Congress) failed to exact any serious disruption.
On the contrary, the wave has further mobilised the private sector and civil society to engage with national security efforts and has steered the country towards building more dual-purpose technology. “Lithuania could turn this geopolitical crisis into a geoeconomics opportunity: by building up the national deep tech ecosystem that regularly produces world-class IP, attracts international investment, and builds trust with allied nations and ecosystems.”
“And we have already started: while Baltic investment into deep tech bordered 10%, below the European average of 25%, at least two new VC funds, focused on deep (and dual purpose) tech, are being launched this year. Additionally, more local founders have started considering developing science- or engineering-based solutions, with even more deep tech start-ups set to mature out of Pre-Seed and Seed stages”, argues Mr Milašius.