Natoministers are meeting this week to draw up a draft cyber
defence policy that could lead to wider international co-operation
between members by mid-2008.
Suleyman Anil, head of the Nato Computer Incident Response
Capability (NCIRC) in Nato's Office of Security, told an audience
at the RSA Europe 2007 conference, "In February 2008 an expert body
will have a draft cyberdefence policy, and the final policy will be
announced at the main meeting in Romania later in 2008."
Anil said Nato started its cyberdefence programme in 2002 after
"incidents" in the late 1990s related to operations in the Balkans.
Nato finished the first phase of its defence programme, a state of
the art intrusion detection and response system, in 2006, and has
brought forward the end date of the second phase from 2012 to 2010.
Work on it starts next year.
Anil said he believed presently technology is mature enough to
prevent most attacks if enough resources are applied. Thus 15 to 20
people are all Nato needs for cyberdefence, he said.
However, two types of attack are likely to defeat them. One is a
concerted and consistent attack on the infrastructure, the other is
an espionage attack via social engineering. "Both are hard or
impossible to defence against. Normal defences will probably fail
against them unless you take extra measures," said Anil.
Anil said signature- and behaviour-based defences are necessary
and helpful, but Nato is presently working on deeper
content verification. This allowed Nato to inspect messages for
malware, including espionage attacks.