Executive Summary
Lithuanian Cyber Command (LTCYBERCOM) reached operational status on 1 January 2025 and the Signal Battalion on 3 June 2025, while the National Cyber Security Centre (NKSC) and military intelligence (AOTD) carry the defensive workload. The talent base is thin. Computer-science graduates from KTU, Vilnius University, and VGTU enter a market where private-sector cyber salaries in London, Berlin, and the United States run five to ten times the public-sector wage, and there is no civilian volunteer cyber reserve equivalent to Estonia's Defence League Cyber Unit (Kuberkaitseliit). The gap matters because cyber attacks now precede missile strikes. On 29-30 December 2025 the Russian state group Sandworm wiped two Polish power-station control systems by stealing the certificates that authenticate utility networks. In April 2026 a Russian Ministry of Defence target list naming Vilnius circulated publicly. The recommended next step is a Ministry of National Defence and Ministry of Education feasibility study, with NKSC, AOTD, and LTCYBERCOM input, on a scholarship-for-service pipeline modelled on US CyberCorps, Israel's 8200 / Talpiot, and Estonia's Kuberkaitseliit. Scale, obligation length, and host selection are decisions for the Seimas.
In short: A documented pipeline target (illustrative: 200 graduates a year, 100 scholarship slots) feeding LTCYBERCOM, NKSC, AOTD, and a civilian volunteer cyber reserve.
The Problem
Lithuania faces persistent state-sponsored intrusion. The April 2026 Russian Ministry of Defence target list naming Vilnius treats the capital as a wartime cyber objective. Sandworm's 29-30 December 2025 destruction of two Polish power-station control systems via stolen public-key certificates is the most recent peer-relevant precedent: a NATO neighbour, civilian critical infrastructure, certificate-authority compromise, kinetic-adjacent timing.
LTCYBERCOM has the mandate but a small operator pool. There is no scholarship-for-service contract exchanging tuition for four to six years of defence service, and no civilian volunteer cyber reserve under the Lithuanian Riflemen's Union (Sauliai). University curricula are general computer science, not military cyber operations. The five-to-tenfold private-sector wage gap with London, Berlin, and the United States pulls mid-career talent abroad.
Without action: An understaffed cyber command cannot sustain round-the-clock defensive operations in a crisis, cannot run the peacetime computer-network exploitation that Tallinn Manual 2.0 (2017) treats as permissible, and cannot surge a reserve in the first hours of a Sandworm-class incident.
Lithuanian Context
Lithuania already hosts LTCYBERCOM, the Signal Battalion, NKSC, and AOTD, and contributes to CCDCOE in Tallinn. The missing layer is the civilian feeder pipeline and the wartime volunteer reserve. Sauliai is a natural host for a Kuberkaitseliit-equivalent unit; KTU, VU, and VGTU are natural hosts for a defence-focused track. Architecture and obligation terms are decisions for the Seimas, MoD, and Ministry of Education and Science.