Developing a culture of CTI sharing in Lithuania

This time, as part of the SOCshare project, we look at the CTI sharing culture in Lithuania. On the 17th of April we are approaching an important milestone in the implementation of the NIS2 Directive – the publication of the updated list of Important and Essential Entities among member states in the European Union. Part of the EU’s plan to foster cybersecurity resilience among member states is to encourage organisations and security teams to share information on cyber threat intelligence. We talk to Deividas Stumbras, the Director of Cyber Defence Department at the National Cyber Security Centre (NCSC) under the Ministry of Defence (MoD), about Lithuania’s efforts to foster CTI sharing culture.

A short Q&A with Deividas Stumbras

1. Why fostering CTI among NCSC’s constituencies and broader cybersecurity ecosystem is important?

By sharing threats we help each other. It is not only important to share, but also to be able to integrate the information we receive into our security solutions, into our SIEM, and into the whole cyber incident management process NCSC’s constituencies will see practical benefits from their research to develop indicators (IoCs) when they know that these indicators will be used by other constituencies, and that this will potentially help others to protect themselves. This will make the whole ecosystem more mature and resilient. More broadly, active engagement in threat sharing helps a state to quickly identify and respond to cyber-attacks, thereby minimising potential losses.

2. What kind of culture for cyber threat information sharing does the NCSC want to create?

The NCSC aims to promote the sharing of actionable CTI, i.e. information in the form of IoCs that can be automated and used in security measures. The aim is to educate and mature the constituencies, to organise them into groups (e.g. by sector) and to promote the exchange of information relevant to them.

3. Differenet points/platforms/initiatives for CTI sharing – is it worth combining, or is it just good that the community is active and initiates sharing among themselves?

It is best when the initiatives come from the community itself. This means that the community sees the practical benefits. The tools allow you to choose with whom to share the information.

NIS2 and CIS (KSIS)

The NIS2 Directive aims to encourage Essential and Important Entities across the EU to increase their focus on cyber resilience and raise their cybersecurity maturity. The Directive focuses on CTI and promotes a broader approach to risk management and incident response in organisations. Organisations are encouraged to participate in trusted communities (e.g. ISACs – Information Sharing and Analysis Centres) to enhance collective security. The NCSC has established a threat monitoring and information sharing system for this purpose.

What is CIS (KSIS)?

The Cybersecurity Information System (CIS) is a secure, closed platform for NCSC’s constituencies to get information on monitoring of tools, cybersecurity threats as well as exchange of information. It is administered by the NCSC. From 17 April 2025 organisations can check https://www.nksc.lt/kssregistras/ to see whether, under the updated Cybersecurity Law, they are considered Essential or Important Entities and have certain requirements for their cybersecurity practices.

Benefits of CIS (KSIS)

Users logged in to CIS (KSIS) can do the following:

  • share information about cyber incidents and malicious activities with other CIS (KSIS) members and the NCSC
  • notify the NCSC of cyber incidents occurring on their infrastructure
  • share additional cyber incident investigation information with the NCSC
  • obtain CTI threat indicators and other cyber threat information from the NCSC
  • share and easily find contacts of other QIS members
  • automate the detection of cyber incidents
  • deploy cyber security measures
  • check for suspicious/malware code
  • get free access to some commercial products
  • communicate with other CIS members
  • participate in incident management exercises
  • participate in phishing simulations

 

SOCshare project MISP

At the end of last year NRD Cyber Security launched SOCshare project MISP and are inviting organisations that have a SOC team or team members interested in cyber threat intelligence to join. The aim of this MISP is to share information about malicious activities in order to prevent threats before they happen.

This entry is published as part of the SOCshare project (No. 101145843), which we are running together with Vilnius City Municipality. It is partly funded by the European Union. The views and opinions expressed are those of the authors alone and do not necessarily reflect those of the European Union or the European Cyber Security Centre of Excellence. Neither the European Union nor the European Cyber Security Centre of Excellence can be held responsible for them.

Other news and updates

Security automation: from idea to tool
SOCcare May 2025 Malpeek: Analysis of a "copyright infringement" malware
SOCcare May 2025 Malpeek: Analysis of a "copyright infringement" malware
NRD Cyber Security recorded strong growth and international expansion in 2024
NRD Cyber Security recorded strong growth and international expansion in 2024
Building awareness is a continuous effort
Building awareness is a continuous effort
Facilitating dialogue on NIS2 within the Lithuanian cybersecurity ecosystem
Facilitating dialogue on NIS2 within the Lithuanian cybersecurity ecosystem
Festivities in Lithuania in 8 episodes
Festivities in Lithuania in 8 episodes
SOCshare December 2024: cyber threats for elderly
SOCshare December 2024: cyber threats for elderly
SOCcare November 2024: Have you noticed... a stillness?
SOCcare November 2024: Have you noticed... a stillness?