Cyber resilience in Latvia - Shaping posture through perception

With the recent discovery of spyware within the Ministry of Interior of the Republic of Latvia databases[1]and the hacktivist attacks on the social networking site draugiem.lv^[2]multiple questions about the posture and perception of the Latvian institutions in regards to the cyber domain have to be brought forth.

Firstly, not only the aforementioned attack but also the multiple threats have acquired media attention, for example, information provided by The Constitution Protection Bureau^[3](CPB) reveals that there have been not only targeted campaigns in 2016 but also reoccurring instances which threatened the Latvian Defence and Foreign ministries. Furthermore, the national Information Technology Security Incident Response Institution of the Republic of Latvia (CERT) has concluded that the current state of data security in many places is “primitive”^[4]based on the information explained in its quarterly report^[5]amounting to 193 669^[6]vulnerable IP addresses. Finally, within the larger context such as the ATM hacks internationally^[7]the main problem of perception of threats by policymakers becomes apparent not only domestically, but also on the global scale.

With regards to the already exemplified security of elections^[8]in the information provided by CPB the current dissonance between the candidates and safe electoral processes has to be considered as the working group of safe elections occurred amongst state institutions.^[9]Meaning that there is a lack of understanding a “cyber skills gap” towards precautions which can be taken during the time of elections by candidates such as consultation with CERT to protect their private information. However, the establishment of an election security coordination working group has to be highlighted as an excellent initiative providing concerning state institutions with an action plan, in case of an emergency, thus avoiding lackluster situations based on confusion.

All things considered, the main problem is the general lack of capabilities in the area of cybersecurity as a whole. Within the cybersecurity conference, the Economics of Cybercrime the representative of ISACA^[10]thoroughly acknowledged the small number of private cybersecurity organizations within Latvia. Calling for vendors and cybersecurity firms of Latvia to apply to NATO NCI Agency procurement incentive^[11]to which only 5 companies have been registered.

Furthermore, as pointed out by Andris Soroka “At the political level, this [cybersecurity] has not been a major priority in my opinion, because, capacity and financial opportunities for concerned institutions should be increased considerably”^[12]. Only further underlining the lack of capacity not only in the private sector but also the state institutions themselves as there is a scarcity of employees and the private sector is capable of offering larger benefits. Moreover, with regards to the development of the private sector, on the basis of little impact from the industry of cybersecurity on the countries economy, neither the society nor the political elite is invested enough in to fully comprehending the problem which then creates the problem of limited contributions to the field. Which only contributes to the larger problem of policymakers low perception of the danger of the cross-sectoral spillover vulnerability possibilities if cybersecurity continues to be underappreciated.

Understanding these threats one must pose the question of - what can be done to evade possible disasters in the future? This mainly boils down to the overall shaping of perception and later on posture towards cybersecurity.

First, in order to even build a platform of communication the attraction of an audience is a must. Meaning that as the CERT.LV is an active organizer, contributor, and influencer of cyber-related activities, there is a necessity to accompany them not only in the public media but also within the ranks of policymakers themselves. It is not enough to use it as a catchphrase or a keyword in public discussion, there has to be an overall level of competence towards this topic as it has become an aspect of the national security itself. Said competence does not require in-depth technical knowledge, but a basic understanding of what are the necessary requirements to practice cyber hygiene^[13]and endorsements through policy and budget planning to enhance not only the effectiveness of concerned state institutions but participation and establishment of private sector undertakings.

Second, the approach of policymakers themselves can be achieved through the change of perception itself. As the cyber domain^[14]still is mostly a part of the classified information sector which is a crucial part of national security, it requires intelligence institutions to be active participants in its protection. Meaning that as the necessity to protect the security of data grows the perception of possible threats has to be continuously reassessed. Thus as it possible to draw from the study carried out by Latvian Universities Associate Professor Toms Rostoks the perception of Russias intentions in the aspect of intensified intelligence activities remains at the middle level,^[15]which with the growing threats in cyberspace is insufficient and proves the necessity for an informed discussion between policymakers and professionals towards cybersecurity. An example which has to be further developed is the active communication between the Baltic ministers in regards to cyber activities in trilateral and bilateral meetings, highlighted by International Centre for Defence and Security (ICDS) study.^[16]

However, an important note has to be made upon this argument, as the majority of attacks are carried out by non-state actors and only a few of them with the help of intelligence agencies, the emphasis has to be put on a clear perception towards posture in regards to cyber resilience which is achieved by having a multi-levelled approach within the framework of action towards the most consistent threats. Best exemplified by the report presented by the government of the United Kingdom which aims to establish an “approach of bringing together a range of data sources to identify a coherent narrative on public and business attitudes towards cybersecurity.”^[17]Thus concluding that through the multi-level approach towards different adversaries it is an absolute necessity to find a common approach towards resilience in the cyber domain.

Third, capacity building^[18]is currently tackled through EU and NATO initiatives and this path is most desirable due to the currently limited action towards the enlargement of capabilities through capacity development. Therefore, projects like “Improving Cyber Security Capacities in Latvia”^[19]should be endorsed by policymakers and professionals alike, fostering not only the overall understanding of cybersecurity but also to create the possibility for public-private sector cooperation.

Finally, with regards to posture^[20]as aforementioned it is necessary to develop a clear approach through such practices as workgroups seminars and communication, whilst continuously increasing spending with regards to ICT systems, thus contributing to the overall deterrence to the main adversary which are non-state actors with the aims of achieving financial benefit. Moreover, focus on the understanding of the threat, meaning that even though there are undoubtedly incidents carried out by state proxies, the vast majority of attacks are carried out by cybercriminals for financial benefit. Thus even though the level of consideration towards the actions of state-sponsored adversaries should be reassessed, it should be focused upon in a reasonable fashion by understanding different adversaries and approaching them with appropriate measures.

It is thus possible to conclude that firstly in order to shape the perceptions of policymakers and the overall posture towards cyber security the practice of active communication and educated discussion should be established between policymakers and professionals. Secondly, on the basis of said understanding, the shaping of posture can be assisted by a multi-levelled approach towards different adversaries with the conclusions drawn from ally states experiences. Thirdly, with regards to the insufficient capacity, the most important factor which has to be highlighted is the full usage of international endorsements and investments fostering effective and educated approach towards problem-solving, thus enhancing cyber resilience through clear perceptions and sturdy posture.

References:

[1]Šņore, Inga. "Iekšlietu IT tīklā atrod spiegu vīrusu, izcelsme liecina par Krieviju." Latvijas Sabiedriskie mediji, November 25, 2018. Accessed November 26, 2018. https://www.lsm.lv/raksts/zinas/latvija/iekslietu-it-tikla-atrod-spiegu-virusu-izcelsme-liecina-par-krieviju.a300818/.

^[2]"Vēlēšanu dienā uzlauž draugiem.lv un lapā izvieto Krievijas simbolus." Latvijas Sabiedriskie mediji, October 6, 2018. Accessed November 8, 2018. https://www.lsm.lv/raksts/zinas/latvija/velesanu-diena-uzlauz-draugiemlv-un-lapa-izvieto-krievijas-simbolus.a294977/.

^[3]"SAB: Krievijas specdienests pēdējos gados uzbrucis Latvijas kibertelpai." Latvijas Sabiedriskie mediji, October 8, 2018. Accessed October 12, 2018. https://www.lsm.lv/raksts/zinas/latvija/sab-krievijas-specdienests-pedejos-gados-uzbrucis-latvijas-kibertelpai.a295244/.

^[4]"«Cert.lv»: Pusgadā uzlauztas 280 mājaslapas, datu drošība daudzviet - primitīva." Latvijas Sabiedriskie mediji, August 17, 2018. Accessed October 11, 2018. https://www.lsm.lv/raksts/zinas/latvija/certlv-pusgada-uzlauztas-280-majaslapas-datu-drosiba-daudzviet-primitiva.a289110/.

^[5]CERT.LV. "Publiskais pārskats par CERT.LV uzdevumu izpildi." Accessed November 1, 2018. https://cert.lv/uploads/parskati/CERTLV-Q3-2018.pdf.

^[6]Ibid.

^[7]Dellinger, AJ. "North Korea-linked hacking group stole millions from ATMs." The Verge. Accessed November 13, 2018. https://www.engadget.com/2018/11/08/north-korea-lazarus-group-fastcash-atm-hack/.

^[8]Dragiļeva, Olga. "LTV: vēlēšanu dienā bijis mēģinājums uzlauzt valsts iestādes e-pastus." Latvijas Sabiedriskie mediji, October 14, 2018. Accessed October 16, 2018. https://www.lsm.lv/raksts/zinas/latvija/ltv-velesanu-diena-bijis-meginajums-uzlauzt-valsts-iestades-e-pastus.a295978/.

^[9]Supra, 4

^[10]Information Systems Audit and Control Association. Accessed November 1, 2018. http://www.isaca.org/chapters2/latvia/Pages/default.aspx.

^[11]NATO Communications and Information Agency. "Contracting and Procurement." Accessed November 5, 2018. https://www.ncia.nato.int/Industry/Pages/Home.aspx.

^[12]"Eksperts: Kiberdrošība politiskajā līmenī Latvijā joprojām nav prioritāte." Latvijas Sabiedriskie mediji, October 25, 2018. Accessed November 7, 2018. https://www.lsm.lv/raksts/zinas/latvija/eksperts-kiberdrosiba-politiskaja-limeni-latvija-joprojam-nav-prioritate.a297270/.

^[13]European Union Agency For Network and Information Security. "Review of Cyber Hygiene practices." Accessed November 3, 2018. https://www.enisa.europa.eu/publications/cyber-hygiene/at_download/fullReport.

^[14]Schmitt, Michael N. 2017. ”Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations”, 2nd ed. Cambridge: Cambridge University Press. doi:10.1017/9781316822524.

^[15]Toms Rostoks (2018) Identifying intentions: Latvian policy-makers’ perceptions of Russia’s intentions, Journal of Baltic Studies, 49:1, 21-45, DOI: 10.1080/01629778.2017.1416417, Accessed November 1, 2018

^[16]Bahşi, Hayretdin, Anna Bulakh, Nolan Theisen, Tomas Jermalavičius, Artūras Petkus, and Emmet Tuohy. The Geopolitics of Power
Grids – Political and Security Aspects of Baltic Electricity Synchronization. Accessed November 4, 2018, ISBN 978-9949-9972-8-2, Tallin, Estonia: International Centre for Defence and Security.https://uploads.icds.ee/ICDS_Report_
The_Geopolitics_of_Power_Grids_Tuohy_Jermalavicius_Bulakh_March_2018.pdf

^[17]HM Government. "A Call to action: The Cyber Aware Perception Gap." Accessed November 9, 2018. https://www.cyberaware.gov.uk/sites
/cyberstreetwise/files/thecyberawareperceptionsgapreport.pdf.

^[18]European Commission, INNOVATION AND NETWORKS EXECUTIVE AGENCY (INEA). "Improving Cyber Security Capacities in Latvia." Accessed November 5, 2018. https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/2017-lv-ia-0058.

^[19]Ibid.

^[20]Tolga, İhsan B. "Principles of Cyber Deterrence and the Challenges in Developing a Credible Cyber Deterrence Posture." NATO Cooperative Cyber Defence Centre of Excellence. Accessed November 5, 2018. https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/2017-lv-ia-0058.