The Nato Cooperative Cyber Defence Centre of Excellence believes international cooperation and cyber defence exercises are key elements in tackling the cyber threat.
While the private sector is focused on cyber crime, governments and international organisations such as Nato are defending against the growing cyber risks from state actors, according to Merle Maigre, director of the Nato cyber defence centre.
“But ultimately, these are just two sides of the same coin,” she told the Security and Counter Terror Expo in London. “We cannot separate the military and business cyber domains because they use the same components, protocols and technologies.”
Cyber operations play a key role in political and military intelligence-gathering and information operations, but in the world of conflict, cyber is just part of a bigger picture, said Maigre, a former national security adviser to the president of Estonia and policy adviser to the Nato secretary general in Brussels.
However, cyber attacks are now much more complex – with targeted assaults on critical national infrastructure, election hacking and the use of advanced persistent threats and ransomware – than they were in 2007, when waves of distributed denial of service (DDoS) attacks hit Estonia during a time of heightened political tension with Russia, she said.
“The attacks against Estonia 11 years ago were a wake-up call,” said Maigre. “They made people realise that attacks in cyber space can be just as serious as attacks in the physical world, and that what is happening in cyber space is very closely linked to other domains.”
Another positive result of the 2007 attacks, she said, was that they prompted the first public discussion on the possible impact of cyber attacks on national security, making citizens and, most importantly, the political leadership aware of the importance of international cooperation in cyber space.
“The Estonian government certainly learned the importance of international cooperation from first-hand experience in trying to stop the attacks, which involved computers located in 175 jurisdictions around the world all helping to halt the attacks, except for Russia,” she said.
Centre of excellence set up
A year later, the Nato Cyber Defence Centre of Excellence was set up in the Estonian capital of Tallinn, said Maigre. “Today the centre performs an important role in various international efforts, and from the original seven founding members, we have grown into a 20-nation organisation, including the UK.”
Those working at the centre are experts drawn from the legal, government, private and military sectors who are engaged in research, training and exercises in the areas of technology, strategy, operations and law, she said.
“As of January 2018, our centre is responsible for identifying the cyber defence operations’ training requirements and coordinating these across Nato member countries in the face of a global shortage of cyber security skills,” said Maigre.
Challenges include resource and talent constraints in the public sector, lack of cooperation between government agencies, poor cyber hygiene and low levels of cyber security awareness, she said.
“Political leaders like to state that cyber security is important, but are less forthcoming about why and how,” said Maigre, “It is really important to invest in training, skills and building cyber security capability, and one of the best ways of doing that is through cyber exercises.”
The Nato centre has experience of doing that at a strategic, operational and tactical level, said Maigre, and it hosted the first cyber crisis resolution tabletop exercise for EU defence ministers in September 2017.
“We received excellent feedback and the exercise was very well received, mostly because it combined cyber with strategic communications, crisis response and Nato-EU cooperation,” she said.
“These strategic-level exercises give high-level political decision-makers a better understanding of cyber security and what things they need to consider when making decisions related to resolving a cyber conflict.”
According to Maigre, such tabletop exercises provide an opportunity for decision-makers to practise the kind of coordination and coordination that is essential to ensure society keeps functioning when under cyber attack.
The exercises also help the participants to understand the interdependencies between the various agencies involved and the paths of communication between public and private agencies during a cyber attack. They also boost appreciation and understanding of the condensed timelines for reaching decisions in a cyber crisis.
“Ultimately, these exercises provide the opportunity for high-level leaders to think about strategic communication and information-sharing that needs to happen during cyber attacks,” said Maigre.
At the operational level, exercises are aimed at providing experience in real-time network defence to highlight interdependencies between civilian and military stakeholders, teaching them how to work together by boosting understanding of each other’s systems, and examining legal, diplomatic and media relations issues.
At the tactical level, Maigre said exercises are aimed at helping participants to understand how attacks are carried out, and are targeted at training penetration testers, digital forensics professionals and situational awareness experts.
“These exercises provide a unique opportunity for international teams to experience rapidly-evolving cyber security situations,” she said, adding that the Nato centre believes the key to success is understanding the big picture and not getting lost in the details.
“We need to put effort into international cooperation, and we need to invest in training and education because effective protection against cyber threats requires preparation, which requires knowledge, which needs practice, and practice is best in life-like environments,” said Maigre. “All in all, cyber security requires more discussions at the strategic level to ensure leadership by the decision-makers.”