Executive Summary
For a small state like Lithuania, facing a significantly larger adversary at the geostrategic crossroads of the Suwałki Gap, Offensive Cyber Operations (OCO) capability is not merely a technical enhancement but a strategic necessity. OCO provides asymmetric deterrence by enabling cost imposition in the digital domain—disrupting adversary command and control, logistics systems, and critical infrastructure without requiring military mass or geographic advantage. The evidence is combat-proven: Ukrainian cyber operations and the Belarusian Cyber Partisans' 'Railway War' demonstrate that well-prepared cyber capabilities can halt armored columns, blind intelligence networks, and isolate strategic positions. In January 2022, approximately 30 Cyber Partisans delayed Russian troop transit through Belarus by two weeks at a critical invasion juncture—buying precious time for Kyiv's defense. This initiative builds a dedicated 50-100 operator OCO unit following the 'Defend Forward' doctrine—establishing persistent presence in adversary systems during peacetime to ensure disruption options are available the moment crisis escalates. Integration with SIGINT and NATO's SCEPVA framework enables Lithuania to become a 'security provider' contributing niche regional capabilities to collective defense. The €35-60 million four-year investment provides capability multiplication that imposes unacceptable costs on any adversary contemplating aggression in the Baltics.
Establishes Lithuania as a capable cyber actor with offensive options, creating deterrence by punishment through the ability to freeze adversary logistics, disrupt Kaliningrad grid stability, and blind SIGINT capabilities during crisis—supporting conventional military operations across all phases of conflict.
In short: Provides Lithuania with asymmetric capability to impose costs through the cyber domain at 1:1000+ cost-exchange ratios, creating deterrent effect and wartime options at a fraction of conventional military investment while contributing to NATO collective cyber defense.
The Problem
Russia conducts continuous cyber operations against NATO including espionage, influence operations, and preparation for destructive attacks. Russian APT28/Unit 26165 actively targets logistics and military systems. In conflict, Russian cyber would target Baltic critical infrastructure, military command, and communications.
Lithuania's cyber capabilities are primarily defensive. No significant offensive cyber capacity exists to impose costs on adversaries, disrupt Russian logistics, or provide strategic options in crisis. Without OCO, Lithuania grants the adversary initiative to probe and attack with near impunity.
Without action: Purely defensive cyber posture insufficient for deterrence. No ability to impose costs through cyber domain. Unable to disrupt Russian rail logistics through Suwałki Gap. Cannot exploit Kaliningrad energy island vulnerability. Limited strategic options below kinetic threshold. Unable to contribute meaningfully to NATO SCEPVA collective offense.
Lithuanian Context
As a small nation at the Suwałki Gap chokepoint facing a significantly larger adversary, Lithuania needs asymmetric capabilities. OCO provides deterrence by punishment—the credible ability to impose unacceptable costs on any aggressor without requiring military mass, geographic depth, or logistical advantage.
Cyber domain is geography-independent—Lithuania can develop world-class offensive capability regardless of physical size. Kaliningrad's isolation as an 'energy island' post-BRELL creates unique vulnerability. Belarusian transit routes for Russian logistics provide additional target set.