1. Cyber security: Lithuanian National Regulatory Authority expertise in monitoring national networks resilience Dr. Rytis Rainys | rrt.lt at TAIEX Multi-beneficiary Workshop Vilnius, 12 April 2016

2. Advantages in Internet technologies Lithuania has modern and advance optical network infrastructure Lithuania is a leading country in Europe (No. 8 country in the world) talking about penetration of broadband internet provided via optical cable lines Highest internet speed 47,4 % of subscribers enjoyed internet speeds higher than 30 Mbps in 2013 Cheapest internet price Monthly internet service subscription (30+ Mbps speeds) price in Lithuania is the lowest in Europe: 11,26 € (VAT included) But how about national network resilience? How networks are affected by cyber attacks? 2

3. Do we know our national networks? Internet is very big… But which are exactly those network assets that can be identified as Critical Information Infrastructure (CII) and how we can make sure they are secure and resilient? ✦ Do we understand the whole picture of country’s network infrastructure? ✦ Do we know how complex network infrastructure is? ✦ Do we know how interconnection and the connection to the internet backbone is performed? ✦ What is a transit/peering connections distribution?

4. Lithuanian NRA benefits from TAIEX Having challenge from increased cyber incidents on Lithuanian network, NRA had a demand to assess national networks infrastructure and measure its resilience The amount of incidents fixed by CERT-LT is growing to 41 thousands incidents investigated in 2015 in LT In 2008 Lithuanian NRA received TAIEX expert mission on „Lithuanian internet infrastructure resilience assessment“ Since 2008, Lithuanian NRA successfully investigated national networks infrastructure mapping instrument and developed real time cyber situation monitoring system Now Lithuanian NRA is one of the leading institution in internet networks mapping systems and is sharing this best practice to ENISA and other EU NRA‘s

5. Tasks, methodologies The main priority for National Regulatory Authority (NRA) is to evaluate the resilience of the national Internet network infrastructure. Tasks: 1. Mapping of the Lithuanian Internet network topology 2. Identification of critical network interconnection nodes 3. Constant critical network monitoring Methodologies Manual data collecting, by performing surveys (2008-2012) Automatic data collecting (2012-Now)

6. Manual data collection results (2008-2012) Topology assessment presented important findings 114 Lithuanian ISPs, 40 autonomous systems, ~590 interconnections (national, international) ~80 % of all peering connections (~400) execute in IXP Peering with IXP (~ 400 (330 in IXP) peering connections) Peering without IXP (~ 70 peering connections)

7. Automatic data collection results (2012-NOW) Real Time Topology assessment presenting important findings Lithuania’s Internet infrastructure ASN (LT) – 130 ASN (upstream) – 55 (connections 157) Internet IP range (inetnum) – 5333 Routes – 2016 Root dns ns - 5

8. Critical components of internet infrastructure The metrics used selecting those critical internet resources: domain names, IP addresses, IP address ranges, routes and autonomy systems (AS) Internet resources were linked with national critical infrastructures and its information systems on the internet 1. ICT sector 2. Governmental sector 3. Financial sector 4. Energy sector 5. Health sector 6. Water and food supply 7. Transport sector

9. Lithuania’s critical infrastructures list Subdomain/Domain - 784 Root DNS NS – 5 DNS NS – 233 IP addresses – 780 Internet IP range (inetnum) – 169 Routes – 144 ASN (LT) – 52 ASN (upstream) – 46 Critical components of internet infrastructure National CI on Internet map

10. MAPPI MAPPI is a tool for visual assessment of internet topology and network troubleshooting Visual network topology analyzer Mappi provides the ability to visually analyze the network, to understand how ASs are interconnected, how information system connections are redundant and so on. Automatic data collection All data collections are done automatically, so ISPs, NRA or any other parties don't have to submit information manually Real-time network monitoring All information is gathered based on BGP and related network protocols that allow to work is with the real-time data >

11. MAPPI Report generation and alerting MAPPI provides with reports and alerting system tools Statistics gathering and comparison The tool gathers all the statistics needed for analyzation of cyber security and istorical data comparison Network troubleshooting MAPPI helps you to determine potentialy critical network components, persistent problems and network anomalies

12. Normal national networks behavior

13. 13:05:04 (9 % routes down)

14. 13:05:41 (14 % routes down, affected ~400 CI systems)

15. Key massages The impact of cyber security incidents is increasing and this tendency will remain. The sophistication of cyber attacks increased even more Modern networks are highly complicated, interconnected and still evolving. NRAs now has to understand national networks topology very well to be able to implement right decisions National internet networks topology assessment (in other words “Internet topology mapping” tool) is useful and powerful instrument for NRAs to have more impact on regulation measures 15

16. Dr. Rytis RAINYS Communications Regulatory Authority of the Republic of Lithuania Director of Network and Information Security Department Algirdo 27A, LT-03219 Vilnius, Lithuania Mob. +370 611 14018, e-mail: rrainys@rrt.lt www.rrt.lt/en www.cert.lt/en