Nato ministers are meeting this week to draw up a draft cyber defence policy that could lead to wider international co-operation between members by mid-2008.
Suleyman Anil, head of the Nato Computer Incident Response Capability (NCIRC) in Nato's Office of Security, told an audience at the RSA Europe 2007 conference, "In February 2008 an expert body will have a draft cyberdefence policy, and the final policy will be announced at the main meeting in Romania later in 2008."
Anil said Nato started its cyberdefence programme in 2002 after "incidents" in the late 1990s related to operations in the Balkans. Nato finished the first phase of its defence programme, a state of the art intrusion detection and response system, in 2006, and has brought forward the end date of the second phase from 2012 to 2010. Work on it starts next year.
Anil said he believed presently technology is mature enough to prevent most attacks if enough resources are applied. Thus 15 to 20 people are all Nato needs for cyberdefence, he said.
However, two types of attack are likely to defeat them. One is a concerted and consistent attack on the infrastructure, the other is an espionage attack via social engineering. "Both are hard or impossible to defence against. Normal defences will probably fail against them unless you take extra measures," said Anil.
Anil said signature- and behaviour-based defences are necessary and helpful, but Nato is presently working on deeper content verification. This allowed Nato to inspect messages for malware, including espionage attacks.