Cyber war, cyber threats and cyber attacks regularly dominate headlines, making it easy to lose sight of the positive role technology plays in keeping Europe safe.
Technology has a growing role in keeping countries safe from attack on land, from the air, at sea and in cyber space, but technological innovation is just one piece of the puzzle, say European experts.
They raise concerns that, in the post-Snowden era, it is becoming more difficult for security and law enforcement agencies to do their jobs, as communication channels become encrypted by default.
And they point out that, in many instances, the defensive, intelligence and crime-fighting capabilities enabled by technology outstrip what current regulatory and legal frameworks and processes will allow.
This is vividly illustrated by the role technology has played in fighting deadly attacks that use improvised explosive devices (IEDs) in Afghanistan.
DNA-profiling the IED bombers
Technology was key to analysing communications data, as well as enabling foreign military forces in Afghanistan to link IED attacks to individuals, chemical supply chains and other support networks.
Mobile laboratories enabled soldiers to take DNA samples at the scene of an attack and connect instantly to fully equipped laboratories in allied countries, to analyse the digitised samples.
This analysis could be uploaded to DNA databases and cross-referenced with existing records, as well as passed on to Afghan authorities to help arrest and prosecute those responsible for IED attacks.
However, the enabling technology existed long before it could be used, according to Jamie Shea, Nato's deputy assistant secretary general for emerging security challenges.
There were several key elements that had to be aligned first, he says. Information-sharing processes had to be set up to enable Interpol to receive and compare military data with the DNA database it maintains, and the Afghan criminal and legal system had to be updated to accept and deal with DNA evidence.
The hardest work is typically not the technology, but the legal, administrative and de-classification arrangements
Jamie Shea, Nato
Tech development runs ahead of legality
“Since the days of the Cold War, Nato has prided itself on the technological edge of the alliance, and technology is increasingly important to keeping Europe safe – but it is no good without the legal and institutional arrangements in place to make use of it,” says Shea.
“The hardest work is typically not the technology, but the legal, administrative and de-classification arrangements necessary to be able to exploit it to the full.”
It was only after these processes were in place that IED makers could be taken out of the battlefield and prosecuted, and international authorities could identify bomb makers if they should ever turn up at a European or US airport, he told Computer Weekly.
The EuroHawk drone provides another example, says Shea. Drone technology is vital for dealing with modern conflicts to gain battlefield awareness, but they need to be able to work within airspace regulations.
The German Air Force reportedly spent €562m on a customised version of a US-developed drone before it was forced to abandon the project in May 2013, because the EuroHawk failed to meet the safety requirements for all aircraft operating in European airspace.
“The cost of modifying the EuroHawk to meet the safety requirements would have been greater than the cost of the whole project up until that point,” says Shea.
With these safety requirements set to increase with the growth of air traffic in Europe, he says it is essential for military aeronautical technology to dovetail with civilian aviation legislation.
Having different certification and licensing systems across Europe has added an estimated €4bn to the cost of rolling out the NH90 military helicopter
Jamie Shea, Nato
EU legal harmonisation cuts costs
In an era where a growing number of technology standards and regulations are being set in the civilian world, Shea says military, security and law enforcement organisations are having to adapt their technologies far more than in the past to compete for resources such as radio frequency spectrum.
“As more technologies are produced on the civilian side, particularly in cyber space, there is a growing need for the security forces to get their requirements fed into the process as early as possible and to ensure that any technologies under development are in line with existing and emerging regulations,” he says. This is also important as military organisations faced with shrinking research and development (R&D) budgets seek to exploit and adapt civilian technologies, rather than redevelop them from scratch.
European regulatory efforts to achieve a single market with harmonised laws and standards will also provide clarity, cut costs and improve efficiencies in developing defence technologies, says Shea.
“Having different certification and licensing systems across Europe has added an estimated €4bn to the cost of rolling out the NH90 military helicopter, which is now in use by several armies in Europe, including France, Germany and Italy,” he says.
Having a common regulatory environment that imposes just one standard – such as the proposed European data protection regulation – will help avoid unnecessary costs, but at the same time, Shea says there also needs to be better governance in military organisations around technology development.
By agreeing on a single specification for jointly developed military technology and hardware, he says military organisations can cut the costs of production, maintenance and training.
Being able to sniff out adversaries using information is likely to be the key element of defence for a long time to come
Jamie Shea, Nato
The growing importance of intelligence
However, Shea says that, as armed forces decrease in size and adversaries become more numerous and less visible, technology that supports and enables greater knowledge about those antagonists is becoming increasingly important.
“The whole business of being able to look around the corner through intelligence, surveillance and reconnaissance is key, and accordingly you are going to see all the investment going into knowledge capability, which is now becoming even more important than firepower,” he says. In a world where adversaries are as likely to be small groups hiding in cities as armies on a battlefield, Shea says it is vital to know more about your enemies than they know about you.
“Being able to sniff out adversaries using information is likely to be the key element of defence for a long time to come,” he says. But according to the intelligence community, it takes 100,000 times more data points to identify individuals in networks than to identify a tank on the ground.
“This requires extremely powerful computing systems to correlate all the data and pinpoint an individual with a high level of certainty in connection with a terrorist plot, for example,” says Shea.
We are now able to transmit biometric data in seconds to help police officers in the field identify suspects and act faster
Troels Oerting, EC3
European agencies collaborate to fight crime
Technology is also playing an increasingly important role in fighting crime in Europe, but again there are both positive and negative sides, says Troels Oerting, head of Europol’s European Cyber Crime Centre, (EC3) in The Hague.
While technology has proved a boon to criminals, law enforcement officers are also tapping into its benefits. However, they face legislative obstacles similar to those that military organisations must deal with.
The most commonly used technologies are electronic communication systems that enable law enforcement officers to exchange information across countries and borders quickly and efficiently.
“We are now able to transmit biometric and other data in seconds to help police officers in the field identify suspects and act faster,” says Oerting.
Communication technologies have been crucial to EC3 co-ordinating international anti-cyber crime operations.
For example, the third of these operations in November 2014, conducted across 45 countries, netted 118 suspects in connection with airline flight tickets booked using fraudulent credit cards.
Mobile teams of Europol analysts with live access to centralised criminal intelligence databases supported the operation.
Communication technologies also enabled Interpol to assist officers on the ground with the rapid identification of suspects.
Big data analysis is something law enforcement organisations are likely to use more and more in future
Troels Oerting, EC3
Law enforcement uses big data
The next most commonly used technologies include face recognition systems and image recognition systems that help to identify, track and trace criminals and victims, particularly in regard to child sexual exploitation.
Data analysis is becoming important in identifying patterns or trends in crime and developing crime prevention strategies. He says this is likely to increase as new datasets become available.
“Big data analysis is something law enforcement organisations are likely to use more and more in future, to help protect the majority of law abiding citizens from those who are not,” says Oerting.
“This is a useful tool in linking data across various police databases, countries and cases to identify patterns that would not otherwise be apparent.”
Big data analysis technologies are also enabling law enforcement officers to derive useful intelligence from open source information such as social media sites, particularly as an indicator of patterns and trends.
“We use data analysis and gathering tools for looking into the 96% of the internet that is not indexed by search engines like Google, but is still publicly available,” says Oerting.
Sometimes law enforcement needs access to the keys
Troels Oerting, EC3
The benefits and drawbacks of encryption
However, he says the growing trend of companies such as Google and Facebook to encrypt internet communications by default is a double-edged sword.
“While on the one side encryption is a good thing – because it provides more protection for the individual and reduces the risk of crime – on the other side it makes our work very difficult,” he says.
“Because we cannot eliminate crime completely, we still need to access information online to determine who is a criminal and who is not, if we have a suspicion."
Oerting believes law enforcement will have to find a way around this impasse, either technically or through other means such as using more undercover operations to compensate.
“While it is not realistic to have legislation that prevents encryption – because you do want locks on the doors – sometimes law enforcement needs access to the keys.
“That is why I have been speaking out against irreversible encryption because, while encryption is necessary, if the police have a court order and go to a company, they should be given access to the encryption keys so they can look at particular communications data.”
Views have been polarised, but I am more concerned about how we are going to protect four billion innocent internet users
Troels Oerting, EC3
Snowden revelations demand public debate
Oerting says the issue needs to be opened up for public debate. Opinion is strongly divided after Edward Snowden's revelations of mass internet surveillance by the NSA.
“Views have been polarised, but I am more concerned about how we are going to protect the four billion innocent internet users from criminals if full anonymity is allowed online, which is not found in any other part of life,” he says.
Oerting says that, while everyone has a right to privacy, anyone breaking the social contract gives up that right, according to current laws and legislation.
“In the non-digital world, police are allowed to do to things like tap phones and bug rooms, so we need to extend those same rules and law enforcement capabilities to the digital world, to make it unattractive to be a cyber criminal, and this should of course only be used in a very targeted and proportionate way,” he says.
Otherwise, Oerting says cyber crime will simply proliferate out of control, because just about anyone can download malware that will enable them to target hundreds of thousands of people in 40 countries in 20 seconds without leaving home or requiring any technical knowledge.
In any democracy we need to make certain trade-offs and decide what we will accept as a society
Troels Oerting, EC3
Civil liberties compromise
He emphasises that law enforcement agencies policing cyber space in the EU do not want to spy on innocent citizens using the internet.
“We only want to have the possibility to be allowed to monitor activity carried out on the internet by suspected criminal elements and groups, based on a very limited and targeted approach, balancing the criminal offence and proportionality, just as we can in the off-line world,” says Oerting.
“The scale and impact of crime is becoming so much greater, which is why police need the means to make cyber-enabled crime less attractive. In any democracy we need to make certain trade-offs and decide what we will accept as a society,” he says.
In November 2014, just days into his post as the head of UK intelligence agency GCHQ, Robert Hannigan called for an overhaul of legal tools to help security and law enforcement agencies counter internet-enabled extremists.
He said large US technology firms had become the “command and control networks of choice” for terrorists and criminals, and the only way to meet this challenge was to come up with better arrangements for facilitating lawful investigation by security and law enforcement agencies.
Mandatory cyber-crime reporting
Looking ahead, Oerting believes the European Commission’s proposed directive on network and information security (NIS) will have a positive outcome for law enforcement.
“If the NIS directive is adopted in its current form, we will have, for the first time in Europe, mandatory reporting of cyber crime, which is still largely under-reported,” he says.
Oerting believes increased reporting will identify the different ways criminals steal personal data and intellectual property.
“This in turn will help individuals and organisations improve their cyber security, by identifying weaknesses in their systems and processes,” he says.
Oerting says richer datasets on cyber-enabled crimes will enable law enforcement officers to extend big data analysis to this type of crime, as well to identify useful links, trends and patterns.
“This will improve our capability to link crimes and identify who is behind certain types of malware, so we can target that infrastructure to have a bigger, longer-lasting impact and make it less attractive to enable cyber crime,” he says.
Most critical national infrastructure is no longer air-gapped because of the growing need to access systems remotely
Troels Oerting, EC3
The dangers to critical national infrastructure
The capability to use technology to identify attackers on the internet is important to keeping critical national infrastructure safe from attack.
“Most critical national infrastructure is no longer air-gapped because of the growing need to access systems remotely – but being online means such systems are open to attack,” says Oerting.
In July 2014, Symantec security researchers uncovered an Eastern European group, known as Dragonfly, targeting energy companies in Europe and North America. And in December 2014, Cylance security researchers issued an alert about an Iran-based group dubbed Tarh Andishan, that has been targeting oil and gas companies for the past two years in seven countries, including France.
“Analysis of attack data is vital to ensuring that key industries and energy suppliers are resilient enough to resist any cyber-based attempts to affect critical infrastructure,” says Oerting.
However, as with the military use of technology, law enforcement officers' growing capabilities with technology are no more important than the development of mechanisms for co-operation, says Europol advisor Alan Woodward, cyber security expert and visiting professor at Surrey University.
“Successes in this regard are also down to the fact that we now have a much higher level of European and international co-operation, with multinational taskforces sitting in The Hague in the Netherlands that can support national law enforcement officers in making arrests,” he says.
The US and UK are now starting to share intelligence with Cold War enemies such as Russia and China to defeat terrorism
Alan Woodward, Surrey University
The challenge now, says Woodward, is to strengthen co-operation in Europe and with the US, and extend that to include countries such as Russia and China.
“Steps are already being made in that direction, and I am encouraged by the fact that the existing model is working well,” he says.
“I can’t think of a government that does not recognise that it is in its own interest to take part in a collaborative approach."
When it comes to gathering intelligence, Woodward points out that, historically, Europe has not done this as a collective.
Intelligence tends to follow military lines, he says, and the main alliance that the UK has been involved in is the Five Eyes alliance with the US, Canada, Australia and New Zealand, which grew out of the relationship between intelligence services of allied countries during the Second World War.
“However, this strong alliance does not include Europe, so while the UK is very much part of a European collaboration in law enforcement, when it comes to intelligence gathering, a more national and historic perspective comes to bear,” says Woodward.
Although these relationships are different, he believes they are both important to keeping Europe safe, particularly as UK intelligence services – which have a lot of capability because of their history – are beginning to share data with countries other than traditional allies.
“For example, the US and UK are now starting to share intelligence with Cold War enemies such as Russia and China to defeat terrorism, which they would never have done before,” says Woodward.
“Cyber crime and cyber terrorism are common threats, which is driving world powers to get a lot closer on that front and put processes in place to make that collaboration a lot more effective.”
Surveillance needs to be done with consent
Alan Woodward, Surrey University
Technology keeps Europe safe
With the terrorist threat, Woodward says technology is being used quite effectively to keep Europe and other regions safe.
“Technology is being used to spot people who are being radicalised, but at the moment we are still falling down when it comes to the processes that back up the technology,” he says.
This is highlighted in the latest report by the UK’s cross-party Intelligence and Security Committee (ISC). The reports says Facebook knew one of fusilier Lee Rigby’s killers had discussed the murder with extremists.
“Facebook had closed down the account after its automatic systems had detected extremist content, but there was no feedback loop to appropriate authorities in the UK,” says Woodward.
He laments that whole area is getting bound up with the post-Snowden debate and the resulting calls for privacy and anonymity online.
“Like policing, surveillance needs to be done with consent, but the public needs to be made aware of the consequences of preventing the authorities from conducting surveillance where necessary,” says Woodward.
“Around 30 terror plots were foiled in 2014 alone, but the ability to do that will be severely limited if intelligence agencies are prevented from doing any surveillance at all.”
Surveillance is necessary for security, provided there are appropriate legal frameworks and oversight in place
Alan Woodward, Surrey University
Privacy and security
However, Woodward believes the call for total privacy and anonymity online is being led by a vocal minority, and the silent majority would rather be kept safe.
“Surveillance is necessary for security, provided there are appropriate legal frameworks and oversight in place – which, in the UK and much of Europe, we are very lucky that there is,” he says.
But, like Oerting and Hannigan, Woodward believes there needs to be a public debate on the issue to lend clarity on what kind of trade-off society is willing to make in the interests of security.
However, in terms of legal frameworks, to ensure organisations have a responsibility to keep personal data safe, he says Europe is leading the way.
“For anyone concerned about privacy, it is better to be inside the European Union than outside of it,” says Woodward.
And while seeking to drive greater privacy in Europe, the European parliament also looks set to support the greater use of technology to keep the region secure.
In December 2014, the Committee on Civil Liberties, Justice and Home Affairs adopted a resolution that calls for the new EU Security Strategy for 2015-2019 to be "easily adaptable to evolving situations" by focusing not just on existing security threats, but also on emerging dangers.
The resolution says cyber security is one of the priority areas where a holistic EU approach is needed, which could lead to more legal frameworks for further enabling technology to keep Europe safe.