With one eye on neighboring Russia and one on future challenger China, the Baltic nation of Latvia plans to roll out new guidelines for cybersecurity in 2020.

Leaders are wrestling with how to balance the cost of increased security requirements on the country’s systems without imposing crippling costs.

Janis Garisons, State Secretary for the Latvian Ministry of Defense, told Fifth Domain in a recent interview that his country wants to take a “much broader view” of cybersecurity and communications security than the question of whether to allow Chinese or Russian made goods to be used in-country.

“We have, nationally, had examples of where state institutions procured, for example, internet services — and the traffic went through Russia,” said Garisons, who has been the No. 2 at the ministry since 2015. “You can ensure you don’t use one or another technology equipment but if still your traffic goes where you don’t want it to be, it doesn’t help much.”

The requirements, which Garisons hopes to publish early next year, will cover public sector procurements in technologies and services. The panel studying the issue is currently in discussions about whether those requirements should be writ large and apply to all procurements made by the government, no matter how mundane they be, versus limiting them to just “essential services.”

“Once you limit [what can be bought and used], you would not be surprised that it runs through a very high requirement for all systems, and price will go up. That would be very costly,” he said. “So, we have to find how to manage those risks, where it is needed and where it is not needed. Currently we are trying to define essential services and what would be [appropriate] to put those higher standards and requirements only for those essential services. That would be one solution."

Garisons said he did not yet know what the group will propose to the government.

The Baltic region is no stranger to cyberattacks. Neighboring Estonia was the victim of a prominent attack that shut down the country in 2007, leading to a major drive for security in the highly-wired nation. Meanwhile, officials in Lithuania told Fifth Domain in May that they see roughly 55,000 cyber attack a year, or an average of 150 per day.