Cyber Warfare and NATO

By Nigel Chamberlain, NATO Watch

"The world has changed. Now we're living in the era of cyber weapons”, said Eugene Kaspersky whose laboratory uncovered the virus, or cyber weapon, believed to have been used by the United States and Israel to attack Iran's nuclear programme. From criminal activity, to international terrorism and inter-governmental warfare, he fears the worst and called for an international treaty to combat it at the Reuters Global Technology, Media and Telecoms summit held in London recently.

NATO Secretary General Anders Fogh Rasmussen while on a visit to Australia this week said that NATO and its partners face increasingly complex and unpredictable security challenges. He pointed to terrorism, cyber attacks and piracy as examples of the global security challenges that both NATO and Australia face. He said that a cyber attack disrupted the Parliament House website two years ago and that Australian government departments and ministerial offices are regularly subjected to similar attacks. In recent months financial institutions have been targeted as well. “I am convinced that our cooperation should also encompass maritime security and cyber security”, the Secretary General said.
 
NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was formally established in May 2008 in order to enhance NATO’s cyber defence capability. Based in Tallinn, Estonia, the Centre is an international effort that currently includes Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Poland, Slovakia, Spain, the Netherlands and USA as Sponsoring Nations.
 
23 NATO and six partner nations were involved in Cyber Coalition 2011, NATO’s main yearly cyber exercise. Assistant Secretary General for Emerging Security Challenges, Ambassador Gabor Iklody said:
 
I am delighted to see so many participants joining us for NATO’s major annual cyber coalition exercise. The number of players and observers is growing every year. This demonstrates the high importance that Allies and partners attach to achieving better protection against rapidly increasing cyber threats and also confirms NATO’s recognition as a key player in cyber defence. 
 
In February 2012, a 58 million Euro contract was awarded to establish a NATO Cyber Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A  Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness. In March the NATO Consultation, Command and Control Agency (NC3A) was awarded the contract for upgrading NATO’s cyber defence capabilities. Private industrial companies will enable the NCIRC to achieve full operational capability.
 
On 26 April, Spiegel Online reported that ‘NATO Faced with Rising Flood of Cyberattacks’. "Each day, we are seeing up to 30 significant attacks on our digital networks or on individual computers, mostly by way of emails infected by spyware and sent to individual NATO employees," said Lieutenant General Kurt Herrmann from NCSA, which was founded in 2004 and has been operational since 2005. A further expansion of NC3A is anticipated next year. It was two years ago, that NATO officially identified the danger of cyber attack against member states as a strategic threat.
 
Earlier this month, 400 experts from all over the world gathered in Tallinn for the fourth International Conference on Cyber Conflict (CyCon 2012) organised by the NATO Cooperative Cyber Defence Centre of Excellence. The conference topic was Military and Paramilitary Activities in Cyberspace, and focused on aspects of law and policy, strategy and technology.
 
Author of ‘Virtual War’ and University of Toronto professor Michael Ignatieff writes in the Financial Times that:
 
Virtual technologies make it easier for democracies to wage war because they eliminate the risk of blood sacrifice that once forced democratic peoples to be prudent…Drones and cyberwar technologies are so cheap that it will be impossible to keep them under the lock and key of the sovereign. The age of the super-empowered, and therefore super-dangerous, individual has arrived.
 
Our cybersystems are now under constant attack and it is in responding to these attacks that they become more secure. States will have to allow the global community of coders and engineers who built and maintain the internet the freedom to keep the malware at bay and keep the system open for the rest of us….The new technologies are so easy and cheap to produce that the best international law and state action can hope for is to generate a limited set of shared norms to prohibit their most harmful uses.
 
NATO Policy on Cyber Defence, ‘Defending the Networks’ is available on the alliance’s website. It states that: 
 
The 2010 NATO Strategic Concept highlighted the need to “develop further our ability to prevent, detect, defend against and recover from cyber-attacks…”. Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organisations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency.

A NATO Concept on Cyber Defence was first drafted for Defence Ministers in March 2011, which formed the conceptual basis of the revised NATO Policy on Cyber Defence. The Policy itself was then developed and approved by the NATO Defence Ministers on 8 June.

Cyber threats transcend state borders and organisational boundaries. Their vulnerabilities and risks are shared by all. Recognising the truly global nature of cyberspace and its associated threats, NATO and Allies will work with partners, international organisations, academia and the private sector in a way that promotes complementarity and avoids duplication. NATO will tailor its international engagement based on shared values and common approaches. Cooperation in the field of cyber defence could encompass activities including awareness-raising and sharing of best practices.
 
NATO is in the process of drafting an international law manual which will address concerns surrounding the prospect of cyber warfare, and how member states can best cooperate to mitigate mounting threats to network security. Publication is expected by the end of 2012. Colonel Ilmar Tamm, Director of the NATO Cooperative Cyber Defence Centre of Excellence said:
 
"Various states have managed to agree on laws that govern borders, international sea and air space, even outer space – but now we are faced with the task of adapting or creating laws and precedents for cyberspace..." 
 
Speaking at CyCon 2012, Major General Jaap Willemse, Assistant Chief of Staff Command, Control, Communication, Intelligence, Allied Command Transformation said that NATO is not considering launching a barrage of computer-based attacks. There are huge political, legal and diplomatic objections."…"NATO does not have the doctrine, command and control, educational support or other factors needed to run an offensive capability."