A new research on Lithuania’s cybersecurity capacity reveals that we have made significant progress in some areas of our national cybersecurity but more efforts are needed to reach overall strategic maturity.
Full report is available here.
According to the report, facilitated by the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford, Lithuania has reached a strategic stage in national capacity to design a cyber resilience strategy and lead its implementation as well as in the existence of reliable Internet services and infrastructure. Areas, where Lithuania is reportedly moving into a strategic level of maturity include national incident response, critical infrastructure protection, legal frameworks and responsible disclosure as well as formal and informal cooperation frameworks to combat cybercrime.
However, there are also areas where only some aspects of cyber security are existent or they are ad-hoc, disorganized, poorly defined or simply new, such as cyber security mind-set, user understanding of personal information protection online, reporting mechanisms, framework for education and professional training, and cybersecurity marketplace, among others.
“The CMM review in Lithuania provided us with very interesting insights into our research on the maturity of cybersecurity capacity across the world. Whereas Lithuania is at very advanced stage of maturity, the gaps that we have identified also provide evidence for important needs which are not only specific to Lithuania but which could also be observed in other countries around the globe. Lithuania has commenced the process of developing different aspects of cybersecurity capacity across all dimensions, including through the revision of their National Cybersecurity Strategy and revisiting legal frameworks and regulation. These efforts will establish the foundations for more mature capacity in the future. We hope our work will offer a comprehensive and useful understanding of the country’s capacity and that our recommendations will contribute to the on-going work to enhance cybersecurity capacity across all five dimensions of the CMM”, commented Director of the Global Cyber Security Capacity Centre.
Specialised cyber defence company NRD CS and Vilnius University hosted the researchers from the GCSCC to facilitate the review of the maturity of the cybersecurity capacity of the Republic of Lithuania, based on the centre’s Cybersecurity Capacity Maturity Model for Nations (CMM). More than 20 Lithuanian public and private institutions, including Government Chancellery, relevant ministries, law enforcement and judiciary, national data protection agency, finance sector, and private entities were invited to participate in consultations to provide input to the national review.
„NRD CS efforts are driven by our mission of securing digital environment and we bring and implement recognized global good practices to our home and to other countries where we operate. There is a number of assessments already performed on the status of cyber security in Lithuania, to name a few – ITU‘s Global Cyber security Index and National cyber security index of Estonian e-governance academy. And we are very happy that researchers from the Global Cyber Security Capacity Centre agreed to bring a recognized and reputable methodology to facilitate our national self-assessment and prepared such a comprehensive report. My hope is that Lithuania‘s cybersecurity maturity review will support the debate on how we want to see Lithuania‘s cybersecurity evolve and help to define right priorities in our national cybersecurity strategy that is currently under development“, says dr. Vilius Benetis, Director of NRD CS.
The CMM report provides a comprehensive picture on the current status of our maturity in five distinct dimensions: Cybersecurity Policy and Strategy, Cyber Culture and Society, Cybersecurity Education, Training and Skills, Legal and Regulatory Frameworks, and Standards, Organisations and Technologies. The objective of this review is to enable the government of Lithuania to review its cybersecurity capacity in order to prioritise strategic investment in national cybersecurity. It also emphasises the role of civil society in developing a society that is cyber ready.
„We are happy to see evolving Lithuania‘s cybersecurity maturity. The review once again acknowledges resilience of our internet services and infrastructure and adoption of proper security processes by the private sector. However, cybersecurity marketplace and cyber awareness among our people and cyber security mind-set is still at a formative stage and we at INFOBALT, as association that seeks to establish favourable conditions for ICT industry growth, including cybersecurity industry, see our strong role in the implementation of recommendations provided in the review“, commented Paulius Vertelka, Director at association INFOBALT.
The report lists a number of practical recommendations on how Lithuania‘s cybersecurity maturity can be fostered in all five dimensions. For example, it suggests promoting the understanding of protection of personal information online among users and promoting the development of their skills to manage their privacy online, also – promoting the production of cybersecurity products by domestic providers in accordance with market needs.
Figure 1: Overall representation of the cyber security capacity in the Republic of Lithuania - the maturity estimates.
The CMM was developed by the Global Cyber Security Capacity Centre in consultation with international experts from across the world. It was developed to enable decision-makers in governments, international organisations and capacity-building bodies around the world to benchmark national cybersecurity capacity in a comprehensive manner in order to identify priorities for investment and capacity building.
Full report is available here.
About Global Cyber Security Capacity Centre: the Centre is a leading international centre for research on efficient and effective cybersecurity capacity-building at the University of Oxford, promoting an increase in scale, pace, quality and impact of cybersecurity capacity-building initiatives across the world. It has been vigorous in expanding the reach of the CMM, gathering experience, knowledge and data across the world. Together with key strategic international partners, such as the Commonwealth Telecommunications Organisation (CTO), the International Telecommunication Union (ITU), the Organization of American States (OAS) and the World Bank, the CMM was successfully deployed in more than 50 countries across Africa, Asia, Europe, and Oceania since 2015 and has significantly underpinned a regional study in Latin America and the Caribbean through our collaboration with the OAS.
The GCSCC has also established the Cybersecurity Capacity Portal in partnership with the Global Forum of Cyber Expertise (GFCE), a global knowledge resource for cyber security capacity-building.
About NRD CS: NRD CS is cybersecurity technology consulting, incident response and applied research company as well as facilitator of Norway Registers Development AS mission of creating a secure digital environment for states, governments, corporations and citizens.
NRD CS is controlled by INVL Technology - Nasdaq Vilnius listed closed-end investment in IT businesses Company. INVL Technology managed companies operate as a cluster and implement joint projects in more than 50 countries worldwide.