World without borders
According to Professor Algimantas Venčkauskas of Kaunas University of Technology, Faculty of Informatics, Lithuanian online news outlets and government public pages are being constantly attacked and torrents of hostile propaganda in social networks show that Lithuania is facing an unprecedented threat.
“In today's society, information and communication technologies have become an integral part of our lives and have penetrated into many areas of activity – from everyday life, work and entertainment, to the affairs of the state and defence. That is all part of the so-called cyberspace, which has no borders. It created new public safety challenges, cyber-security issues,” Venčkauskas said.
According to him, when talking about cyber-security, people usually think about safety of their own personal computers and company information systems, but there are also technological, political, legal, economic, national defence and other aspects.
The professor distinguishes among several closely related fields of cyber-security: computer systems security, cyber-crime and cyber-warfare.
“Each of these areas could be discussed separately. Since cyberspace is global, the number of cyber-security threats will only increase. The state, as well as us, will have to dedicate more and more attention to that,” he said.
The battlefield of social networking
Cyber-attacks on Lithuania are part of information warfare. The goal of these attacks is to spread false information (propaganda) through news outlets and institutional portals and by hacking social networks. Professor Venčkauskas claims that cyber-warfare is already happening in Lithuania, but the scale of this warfare and the use of its tools vary.
According to him, social networking propaganda can certainly be considered as part of cyber-warfare, because these networks are part of the most extensive military arenas of its kind. It is widely available and easily used by both warring sides.
Social networking is limited or blocked by technical means in some countries, which are often identified as limiting freedom of speech, like North Korea, Iran and China. Recently, there have been reports about Russia isolating itself from the outside world; there were comments on restriction of access to the Internet in the country.
Defence is a matter of both state and business
Speaking about the growing conflict in Ukraine and prevalent cyber-attacks in our country, the KTU expert stressed that this is happening not only in Lithuania.
“Information Warfare, which is becoming more acute due to events in Ukraine and the Islamic State threats, is not just technological but a much broader issue. This is a problem concerning politicians and the media. Cyberspace is just one of the media in which this warfare is happening. Of course, powerful additional tools for the escalation of this warfare are available because of its globalism,” Venčkauskas said.
According to him, Lithuania is taking action – Parliament is currently discussing Cyber-Security Legislation (CSL), which will regulate more strictly the ways to ensure cyber-security and will provide additional legal responsibilities for cyber-security breaches.
Cyberspace defence is primarily the responsibility of state authorities, the Ministry of National Defence and Ministry of the Interior, which have specific structures designed for that.
“Since most of the IT infrastructure is managed by private companies, they are also taken into account. The CSL will establish the National Cyber-Security Centre in the country, which will coordinate cyber-defence issues,” the expert said.
Nothing fancy – just flooding
Venčkauskas argues that cyber-attacks against government offices and news portals are typically organized professionally, using many ‘seized’ computers (BOTNET), and it may be very difficult to disclose the original sources. In order to track down the perpetrators, states and international organisations must work together and that may not always be possible. For example, NATO already has a special cyber-security structure which is successfully performing this task.
According to the expert, cyber-attacks are very different and they may have different targets. Some of the most important problems of state institutions and news portals are the so-called DDoS attacks, which aim to disrupt servers. These servers are flooded with illegal queries which results in processing of the genuine users queries becoming slower or completely blocked.
One of the biggest attacks of this kind in Lithuania took place in May 2013, when an attack on the DELFI news portal was carried out and the number of queries reached 50 million within a few minutes, the data flow was 6 gigabytes per second. Operation of equipment was severely affected and consumer service disrupted.
Other popular attacks may be content distortion and theft of data due to gaps in system security.
Attempts to take over a nuclear power plant
Venčkauskas suggests that, because of cyberspace globalism, there is a possibility of irreparable disasters occurring. In 2010, there were media reports about a possible cyber-attack against a planned nuclear reactor launch in Bushehr, Iran.
“Details had not been disclosed because of the information security, but as the saying goes, who can deny it?” the expert said.
According to him, because cyber-security is part of national security, and because Lithuania still fails to meet the 2 percent GDP target for defence spending, it is clear that cyber-security gets insufficient resources.
“Public and private sectors pay too little attention and allocate insufficient funding for cyber-security. It is thought that spending money on safety – not just cyber-safety – is unnecessary until something happens. We tend to think that nothing bad can happen to us. We think we cannot be burgled and therefore are reluctant to spend money on the alarm system,” Venčkauskas said.
The Computer Science Department of Kaunas University of Technology together with partners have initiated a project, funded by the European Union, ‘Lithuanian cyber-crime competence centre for training, research and education (L3CE)’ which will address some of the problems of cyber-crime.
Personal information has value
The largest security problems of an ordinary PC user are related to malware, especially viruses. These programs can steal and damage data without us knowing it, as well as monitor our private lives. Information can be stolen not just from our computers, but can also be collected from ‘legal’ sources, such as e-mails, social networking and opinion pages of news portals.
“The best protection in cyberspace is our responsible use of it. When we want to cross the street, we first make sure it is safe to do so. The same applies to cyberspace – before performing any action, we first make sure that it is safe,” Professor Venčkauskas reminded.
According to him, anyone can become a cyber-offender when circulating inappropriate, unethical information through social networks and news portals, copying and distributing illegal programs, movies and music, which is known as piracy.
In these cases, offenders can usually be easily disclosed, and investigated for administrative and criminal responsibility. If adopted, the CSL will further strengthen this responsibility.
“Absolute safety does not exist and no one will ever provide it. Although electronic service providers should ensure safety, first we must take care of it ourselves. If you have a suspicion that your data is stolen, all you have to do is turn your computer off and contact a specialist, especially if you suspect a cyber-crime. In this case the police must be informed in order to properly investigate the situation and record traces of the crime. Otherwise you may lose data, and it may be impossible to prove anything in case of a crime,” the expert said.