Coming soon to a cyberattack near you: an EU rapid-response team led by Lithuania, able to leap national borders in a single bound. Criminals do it, so why not the good guys? Teri Schultz reports.
As NATO and the European Union team up to cut red tape for troops to move more quickly through Europe to counter a potential crisis, Lithuania is leading an effort to do the same for cyber defenders. Lithuanian President Dalia Grybauskaite has called on fellow EU leaders to support the creation of a "cyber Schengen," modeled on the area of free movement of people within the European Union, to better battle online crime and aggression which operate border-free.
Within the Lithuanian Ministry of Defense, the effort to create this emergency capability has been underway for years. Now, with the creation of the EU's European defense fund and the permanent structured cooperation pact, known as PESCO, the concept of a bloc-based cyber force has attracted more members, momentum and money.
EU, NATO efforts needed
NATO has had a cyber rapid reaction force for several years, but Lithuanian Defense Vice Minister Edvinas Kerza, who's spearheading the EU project, believes it's necessary to have a complementary force under EU auspices.
Besides being deployed to protect civilian infrastructure under attack, including EU institutions themselves, "it's easier to talk about joint efforts in cyberspace in Europe than in NATO," Kerza told DW.
He said that in his meetings with counterparts on both the military and civilian sides, he constantly hears discussion about trust. "When you talk about NATO, normally you talk about secrets and when it comes to secrets, countries do not want to open doors very widely. When we're talking about cyber in the EU...about 80 percent of incidents are open, not classified."
The first meeting of the EU rapid-reaction force was in Vilnius earlier this month, with about half of the 28 EU governments participating. At least seven of those have already signed on as members of the force while the rest are in "observer" status and deciding whether and how they want to be involved. Kerza expects to put an EU team through training later this year. Legal experts are currently working on establishing operational guidelines.
No more NotPetyas?
Kerza says he envisions the EU force having a global impact, able to help countries such as Ukraine withstand attacks like the NotPetya malware incident pinned on Moscow, which spread around the world and cost Europe millions of euros.
It's not surprising a Baltic state is driving this development; the Kremlin has never quite gotten over losing these jewels in its empire. Estonia, Latvia and Lithuania were dealing with Moscow's disinformation warfare long before institutions in Brussels started fighting back. Former NATO assistant secretary general for emerging security challenges, Sorin Ducaru, recalls that NATO crafted its first cyberdefense policy only after Russia attacked Estonia's infrastructure in 2007.
Ducaru said that initially cyber aggression was seen as "just as a technical issue to be outsourced to the technicians." Now, he noted, cyberspace is an official domain of warfare, with the potential to require a call to collective defense. NATO allies, he said, are responsible for reporting, maintaining and updating their cyber defense capacities. "Every organization has to be vigilant and to forget about any sense of complacency," he told DW.
Lithuania leads the way
Lithuania estimates it was hit by 50,000 cyberattacks last year, including one that unsuccessfully tried to embroil German troops in a fake rape claim.
Another of these hits happened last month, when a hacker inside Lithuania's most popular television channel TV3 posted "breaking news" on its website, alleging that Defense Minister Raimundas Karoblis had been leading a double life as a gay man and other allegations. Recounting the incident to DW, Karoblis said at first he laughed about the content. "It was absolutely ridiculous."
Lithuanian Defense Minister Raimundas Karoblis was targeted by Russian hackers who posted fake stories about him
But the incident itself was serious. The false information was also sent as an "alert" by email from the genuine "tv3.lt" email address. "The messages were sent to high-level politicians including the president and prime minister, representatives of the parliament, and journalists," Karoblis explained. Clicking on it unleashed a virus in users' computers. "The aim was to extract information and actually take over the IT systems," he said.
Lithuanian cybersleuths traced the attack back to Russia and discovered a sophisticated plot. Hackers had breached the TV network's account in December and were waiting to strike. Despite its sophistication, the attack was contained before damage was done, in part because Lithuania has already consolidated the responsibility for cyberdefense nationwide under its defense ministry, whether it be civilian or military.
"It's one cyberspace," Kerza pointed out. He hopes that the rest of Europe soon sees it Lithuania's way.