Cyber Defense Is All About Political Decisions

One of the things democracies are least prepared to handle about a cyberattack is how quickly the response to it turns in to a a political controversey.

Defense officials responding to an attack quickly encounter bureaucratic roadblocks and geopolitical concerns they may be unprepared to navigate.
 
That was one of the main takeaways from a first-of-its-kind tabletop cyber exercise Estonia hosted in October.

CYBRID 2017 put European Union defense ministers in the hot seat as a fictional scenario “moved from a minor cyber incident up to a real blockade of communications systems that stopped a naval operation on the Mediterranean,” Estonian Defense Minister Jüri Luik said.

“At first, you were not able to recognise whether it was a cyberattack against just the personal computers of the people working there, or was it, for instance…a ransomware attack. And then it became more and more confusing,” Luik told reporters in Washington this week.

“There were more hacks, systems were down, computers stopped working, communications stopped working.”

“In the end, we ran into a situation where the whole military communications system was down, and the EU headquarters was not able to contact the ships on the Mediterranean, and there was no clear information about what had even happened to these ships. And from point to point to point, the ministers had to make a decision” about how to respond, he said.

The world hasn’t seen a “9/11-level” cyber incident yet, said Luik, whose country was on the receiving end of one of the most serious to date: A Russian attack in 2007 that shut down the country’s banks, media outlets and government websites. The events played out in CYBRID 2017 didn’t rise to that level either, but one of the things the exercise exposed was just how difficult it is to evaluate how bad things are.

“The biggest issue is that we have no baselines for such attacks,” Luik said. “Our capability to judge what has happened is very complicated, because we even don’t know what these terms mean — is it high-risk, is it low-risk? How do you assess the risk?”

That complicates a nation’s response. Something that can appear small, a seemingly random computer malfunction in an EU military office, can quickly “transpire into a strategic political issue,” said Kristjan Prikk, Estonia’s undersecretary for defense policy.
 
And when that happens, defense ministers have to “be willing to look into that, not on a technical level, but to understand what’s at stake and…tackle those at a strategic political level.”

The exercise revealed various roadblocks to effective response, including the reluctance to share information across political boundaries. Luik said there’s a natural hesitation to disclose vulnerabilities and talk openly about an attack, even among allies.

“The exercise showed us how demanding it is to communicate in order to pass the right information to the public in case of severe cyberattacks, especially on critical infrastructure,” German Defense Minister Ursula von der Leyen said after the exercise. It highlighted “how important the coordination of reactions on cyberattacks is. Coordination not only among EU member states but also amongst EU Institutions and also NATO.”

Once the decision has been made to involve other parties, whether that’s calling in treaty commitments for collective crisis management and security, or just informing critical infrastructure providers to be on alert, there’s still the question of how, exactly, to go about doing so.

So during CYBRID, Luik said, “the ministers had to answer the question, starting from, there is a drone above the EU international installation. Who has the right to shoot it down? Is it the host country or is it the international body? And ending with, the situation is so complicated we have to ask NATO for assistance: How would we do it?”

 “Let’s say you get attacked, a government facility gets attacked,” Luik said. “The immediate assumption would be that we should inform all the power stations, factories, etc., that this kind of attack took place.

“But … everything is classified. How do you share that information? And with whom? Whom do you call? The owners? The heads of the cyber defense units of those organisations?”

DefenseOne

You Might Also Read:

EU Nations Expand Their Cyber Defences:

US Is Not Drawing 'Red Lines' in Cyberspace:

 

« Maritime Cybersecurity: No Substitute for Testing
Thomson Reuters Create A Knowledge Meta-Graph »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

Mobile Mentor

Mobile Mentor

Mobile Mentor is an independent provider of enterprise mobility solutions in New Zealand and Australia.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Keynetic Technologies

Keynetic Technologies

Keynetic focuses on developing cybersecurity solutions for Industry 4.0.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

IntelligInts

IntelligInts

IntelligInts provide 24×7 threat monitoring, hunting, alerting, and mitigation in our world class Security Operations Center.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

Center for Medical Device Cybersecurity (CMDC) - University of Minnesota

Center for Medical Device Cybersecurity (CMDC) - University of Minnesota

CMDC’s mission is to foster university-industry-government partnerships to assure that medical devices are safe and secure from cybersecurity threats.

Pillar Technology Partners

Pillar Technology Partners

Pillar Technology Partners is an Information Security Company with a focus on improving Cyber Risk and optimizing the processes and technology that underpin the security of your information assets.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Secora Consulting

Secora Consulting

Secora Consulting is a professional services company specialising in tailored cybersecurity assessments and cyber advisory services.

Rebellion Defense

Rebellion Defense

Rebellion Defense is a technology company developing advanced software to ensure mission-critical organizations stay ahead of emerging threats.