The Ministry of National Defence Republic of Lithuania implemented its National Cyber Security Strategy in 2018. Its previous strategy was adopted in 2011, covering the period 2011-2019.
It covers the following strategic goals in the ENISA self-assessment: Cyber crime; adoption of information security standards; citizen awareness; critical information infrastructure protection; national cyber contingency plans; international cooperation; public-private partnership; incident response capability; policy and regulation capabilities; baseline security requirements; R&D; cybersecurity exercises; risk assessment; training and educational programmes.
The Ministry of Defence is responsible for shaping cyber security policy as well as monitoring and coordinating its implementation. The work of NCSK is supported by an Inter Departmental Committee on Cyber Security, established and chaired by the DCENR, which regularly reports on progress and on cyber security issues to the Government Task Force on Emergency Planning. The Government Task Force, chaired by the Minister for Defence, maintains cyber security as a standing agenda item, allowing for provision of regular updates and addressing of issues of common interest.
EDUCATION AND TRAINING IN NATIONAL CYBER SECURITY STRATEGY
Awareness, Education and Training |
Promote cybersecurity culture and innovation is a key target of the national strategy. Employee training: Routine and regularly updated training courses for private and public sector employees aimed at increasing employee duty of care as well as building an overall cybersecurity culture. Cybersecurity culture: Efficient and regular dissemination of information on the latest cyber incidents and other factors that may cause personal data breaches or pose a risk of becoming a victim of cybercrime is a key measure for strengthening the cybersecurity culture of the Lithuanian people. In this context, the strategy prioritises increasing the dissemination of information in the face of 49% of internet users in Lithuania believing that they are not sufficiently aware of the full risk of cybercrimes (the European Union average is 51%).
Cybersecurity education for children: To boost cybersecurity culture, children and pupils will be given fundamental knowledge of cybersecurity under nursery, preschool, primary and/or secondary education programmes, making ICT part of the country's educational and learning processes. The strategy also includes teacher upskilling and training to improve their qualifications in the area of cybersecurity. Training of teaching staff: In the context of implementing programme of the Government of the Republic of Lithuania on reorganisation of the system of teachers’ up-skilling and training, efforts should be made to improve teachers’ qualifications in the area of cybersecurity. Having the opportunity and ability to expand and deepen their cybersecurity knowledge, teachers of different educational areas would not only be able to educate young people better, but would contribute to the development of knowledge and innovation based society and further cybersecurity awareness raising as well. Filling the skills gap: The strategy highlights that the need to have a precise understanding of the demand for cybersecurity professionals in Lithuania. The second objective of the cybersecurity strategy target is to develop creativity, advanced capabilities and cybersecurity skills and competence that meets market needs. Implementation is creating a cybersecurity competence model, setting up cybersecurity competence standards, developing systems of training, accreditation and certification oriented towards the needs of the labour market, attracting, nurturing and retaining talent, providing training and testing environments for cybersecurity, teaching newcomers, offering training to ICT workers, training employees working with sensitive data. |
---|---|
Research Programme |
One of the strategy's measures is to develop scientific research and activities that create high value in the area of cybersecurity. Specifically, the strategy is aimed at creating favourable conditions for new, advanced cybersecurity initiatives, promoting the growth of the cybersecurity market, expanding export of cybersecurity services to foreign market, developing cyber security sector of financial technology and conducting research. A complementary measure is ensuring reliable measurements of the cybersecurity market in Lithuania in view of growing demand and driving innovation to strengthen the country's competitive position in the development of new products and services. The aim is to combine initiatives of innovation and general national policies while promoting long-term science, technology and innovation development.
|
Higher Education Degrees in Cybersecurity |
|
Public Private Partnerships |
The strategy highlights the need to promote public, private, and academic partnerships while creating innovation in cybersecurity is part of the target. This objective is implemented by identifying the common needs of the private and public sectors and their importance in relation to scientific cybersecurity research; by creating technical measures, methods and other resources; and by developing the requisite expertise for solving cybersecurity problems or fulfilling any other specific tasks for cybersecurity. InfoBalt, the national trade association, includes cyber security in its activities. |
EU Cyber Professional Register for national stakeholders |
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications. Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture. |
Latest Update & Disclaimer |
January 2021.
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. |
Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
Operational capacity building |
Lithuania is building its cyber security capacity and management institutions based on a long tradition of information technology and telecommunications. CERT-LT (English) is the national electronic communications network and information security incidents investigation service operating as the national Computer Emergency Response Team. It is responsible for coordinating security and incident response measures across all Lithuanian networks. CERT-LT is tasked with managing the reporting of cyber security incidents and provides an online reporting structure to log cyber security. It is also charged with promoting security in the information society by preventing, observing, and solving information security incidents and disseminating information on threats to information security. CERT-LT provides capability to deal with netwotk and information security incidents but would require additional resources in the event of a national cyber security crisis. LITNET CERT is the Computer Emergency Response Team of the Lithuanian academic and research network. SVDPT-CERT (English) is the computer emergency response team of Secure State Data Communication Network of State Enterprise ''Infostruktura'' in Lithuania. SVDP-CERT (English) is the Computer Emergency Response Team of the Lithuanian Public Administrations and municipalities. In September 2016 the Lithuanian government officially launched the country's National Cyber-Security Centre (NKSC). The NKSC was set up through a transformation of the Lithuanian Defence Ministry's Communications and Informations Systems Service with the aim to consolidate the efforts of public institutions, spread the ideas of cyber-awareness and provide help in dealing with cyber-incidents on government networks. |
---|---|
Report a cyber incident to a national CERT/CSIRT |
CERT-LT
|
Landscape Updates |
CERT-LT provides regular reports on cyber incidents, spanning statistics for the current period: Attack statistics; Number of infected machines found in "Botnets"; CERT-LT recommendations' efficiency; Number of solved incidents per week, as well as quarterly activity reports. LITNET CERT provides some snapshot information on the threat landscape.
|
Languages | Lithuanian, English |
Overall assessment |
There is no legislation in place in Lithuania that requires each agency to have a chief information officer (CIO) or chief (information) security officer (CISO/CSO). This may hamper not only the ability to detect and counteract cyber threats but also significantly impact on capacity building across the public and private sectors in Lithuania. It is also important to note that the national strategy does make reporting a cyber incident to the government or EU a requirement (it is only a provision). The statistical analysis provided by CERT-LT is a good practice that could be replicated by more CSIRTs/CERTs. |
Latest Update & Disclaimer |
January 2021.
The information contained here is the result of desk research carried out by CYBERWISER.eu. |