In late June 2017, for the second time in the previous two months, Europe experienced a massive wave of cyberattacks, which also spread to the United States. Initially, the attacks—from a virus known as “Petya”—targeted Ukrainian and Russian companies, but then propagated to hit vulnerable businesses and public services in Eastern and Western Europe (Tvnet.lv, June 27). Only medium-sized chain stores suffered from these attacks in Latvia (DB.lv, June 28). A number of cases of computers infected with the Petya virus were also reported in Lithuania (Delfi.lv, June 27).
Ukraine suspects Russia’s security services of being involved in the massive cyberattack, which locked up personal and business computers around the world. The Ukrainian Security Service (SBU) issued a statement, on July 1, pointing out the similarities between Petya and previous attacks on Ukrainian infrastructure, which had also been linked to Russian intelligence services (Tvnet.lv, July 1).
Late last year, Swedish intelligence identified Russian spies as the main source of cyberattacks against Sweden. Major General Gunnar Carlson revealed that these activities involve the “dissemination of false information, distortion of the truth, [and] highlighting of some arguments at the expense of others, making it difficult to obtain a clear picture of what is happening.” Carslon added, “[Russian cyber special operations] are a serious threat, as they may penetrate the very foundations of democracy in various ways and influence the adoption of democratic decisions” (Diena.lv, December 12, 2016).
Overall, the number of cyberattacks against Western countries is steadily growing. In 2016, the North Atlantic Treaty Organization (NATO) registered about 500 attacks on its networks, which was 60 percent more than the year before. “Cyberattacks create a very high potential hazard, as they can break up, for example, energy supply or medical care and damage other critical infrastructure,” said NATO Secretary General Jens Stoltenberg. Therefore, in case of a large-scale cyberattack, Article 5 of the Alliance Treaty on Collective Security may be invoked, warned Stoltenberg (Tvnet.lv, January 19).
According to statistics provided by the National Computer Emergency Response Team (CERT.lv) of Latvia, the number of cyberattacks and related incidents in the small Baltic country rose to more than 50,000 cases in the second quarter of this year (Cert.lv, April–June 2017). CERT.lv is a national body responsible for preventing and countering offensive behavior in cyber space. A similar institution (CERT.lt) also operates in Lithuania. In the fall of 2016, Lithuania launched the National Cyber-Security Center, thus ramping up its cyber-defenses. Whereas, the previous year, in 2015, Latvia created a special cyber-defense and IT security unit within the all-volunteer National Guard (Zemessardze). These Latvian “cyber guards,” many of whom are students, have already participated in several NATO training exercises and routinely work together with professional soldiers and IT specialists.
Nonetheless, Estonia may be the most dedicated Baltic State when it comes to cyber security. After the massive cyber-hacks of 2007, the NATO Cooperative Cyber Defense Center of Excellence (CCD COE) was established in Tallinn, in May 2008. The Center aims to improve cyber defense interoperability within the NATO Network Enabled Capability environment. Moreover, it is tasked with designing the Alliance’s cyber doctrine and concept development along with their validation. Finally, the CCD COE was launched to enhance information security and cyber defense education, awareness and training; to provide cyber defense support for experimentation (including on-site); and to analyze the legal aspects of cyber defense for NATO members and partner countries (Ccdcoe.org, accessed July 17).
Last April, the CCD COE staged the world’s largest international cyber-defense training exercise—Locked Shields 2017—in collaboration with several NATO and partner countries as well as IT companies (Leta.lv, April 19). Altogether, some 800 people from 25 countries took part in the exercise, which was held from April 24 to 28. The scale of the exercise this year, as well as the number of technology platforms, networks and devices involved, was significantly bigger than in previous years. The annual scenario-based real-time exercise is designed to train security experts responsible for the daily safety of national IT systems. In Locked Shields 2017, the task of the blue-flag team was to maintain the network and computer services of an imaginary military aviation base that undergoes simulated severe attacks on its power supply system, unmanned aerial vehicles based there, the facility’s military control-and-command systems, and other infrastructure units.
In addition to the usual drills pertaining to IT infrastructure protection, this year the exercise included training on a number of specialized IT systems, reflecting current threats. Notably, Locked Shields 2017 included a SCADA system for controlling large power-grid networks, an AirC2 system used for military airspace planning, military surveillance drones and programmable logic controllers, which provide fuel to aviation bases. In total, more than 3,000 virtualized systems and more than 2,500 different attacks were activated during the course of this year’s Locked Shields scenario (Cert.lv, April 26).