NATO Does Not Appear To Have A Clear Cyberwar Strategy

NATO commanders do not seem prepared to take aggressive countermeasures against low-level probes, espionage and cyber attacks. 

In the six months since part of Ukraine’s power grid came crashing down, turned off by highly sophisticated hackers, cyberspace allies of President Vladimir V. Putin of Russia have been leaving their mark here in the Baltics and across the sea in Finland and Sweden.

Perhaps to discourage the traditionally neutral Finns and Swedes from growing closer to NATO (this past week NATO conducted a naval exercise from Finnish territory for the first time), hackers disabled the Finnish Ministry of Defense’s website. That was preceded by electronic espionage against a Dutch commission that had concluded that a Russian-made Buk missile brought down a Malaysian airliner two years ago, killing 298 people. And Germany’s intelligence agency, the BND, recently told American officials that it believed Russian hackers had been behind a cyberattack that destroyed a German steel mill.

Here in Estonia, where NATO maintains a center to explore the alliance’s cyberspace vulnerabilities and potential responses to attacks, there is a widespread recognition that the Western alliance has yet to develop a strategy to counter Russia’s increasingly aggressive action in cyberspace.

While there are frequent conferences and papers, there are no serious military plans, apart from locking down the alliance’s own networks. Russia, China and Iran have increasingly sophisticated offensive cyber-forces; NATO has none, and no established mechanism to draw on United States Cyber Command or its British equivalent.

That stands in sharp contrast to NATO’s strategy for dealing with more familiar threats. The alliance is expected to agree at a summit meeting in July to deploy four battalions in Poland and the Baltic States to deter land invasions, though there is no agreement on who will supply troops for the fourth battalion. And it regularly rehearses the procedures for requesting that its nuclear-armed members roll out atomic weapons if a crisis erupts; those weapons are stored near NATO headquarters in Belgium, among other places.

Two years ago, NATO declared that it could rule a cyberattack on one of its member states to be the equivalent of an armed attack, which would lead to a commitment by all NATO members to respond.

But when it comes to deterring the kinds of low-level probes, espionage and attacks that flow through European computer networks every week, NATO commanders do not seem prepared to take aggressive countermeasures.

Jens Stoltenberg, the NATO secretary general, has taken a low-key, purely defensive view of what the alliance should do in cyberspace. In an interview with the German newsmagazine Der Spiegel last week, he talked of sharing information and expertise, but nothing of the kind of sophisticated probing and early-warning deterrence strategies that large and small powers have begun to develop.

In short, it sounded like a strategy from a previous age, before cyberattacks were regularly used as a weapon and as a tool of espionage.

James Lewis of the Center for Strategic and International Studies in Washington, who has written about how NATO could use offensive cyber-weapons, said there was “a huge reluctance to share capabilities.” The United States and Britain say little about their offensive cyber-weapon abilities, even to their NATO allies.

“The Russians get that,” Mr. Lewis said. “And they know that there is lots they can do without triggering any response.”

In part, that is because the Russians are experts at hiding their tracks. Almost all of the studies of the Ukraine power grid attack in late 2015, both unclassified and classified, have pointed to hackers in Russia. But American intelligence officials say they have never been able to track the blackout, which affected 225,000 Ukrainians, directly to Mr. Putin’s government, and probably never will.

Instead, American officials are giving cyber-utility firms and cybersecurity groups around the United States confidential presentations of an analysis of what happened to the Ukrainian utilities, as a warning of what could occur on home soil.

At United States Cyber Command, which has expanded rapidly since the United States carried out cyberattacks against Iran in 2010, Russia’s networks are a regular target of surveillance. By next year, Cyber Command will have more than 130 teams fully in operation around the world, integrated into Army, Navy, Marine and Air Force units, in addition to teams that work alongside the National Security Agency at Fort Meade, Md.

It has built up a vast early warning network, placing tens of thousands of “implants”, sensors that can also be used to insert malware, into networks around the world. But NATO is only beginning to explore what it delicately calls “active defense,” and says it is not focused on offensive cyber-weapons.

The Russians have no such compunctions. But it is unclear what Russian hackers hope to achieve here in the Baltics, other than to make the point, as they did in 2007 when they brought Estonia to an electronic halt, that they can get into any system, anytime.

“Whatever the Russians have in mind, mostly intimidation, it usually fails,” said Estonia’s president, Toomas Hendrik Ilves, who grew up in New Jersey before coming here to turn this small NATO country into a pioneer in introducing new web-based technology for governing a nation. The 2007 attacks backfired, he noted, because they drove Estonians far more solidly into the European and NATO camps.

In Sweden and Finland, neutral nations in the Cold War, the politics are more complex. As the NATO exercise began in Finland last week, the Finnish foreign minister was in Moscow, meeting his Russian counterpart, Sergey V. Lavrov.

The more Sweden and Finland turn to NATO, the more their networks, their news sites and their government ministries come under cyberattack. As Adm. John Richardson, the chief of United States naval operations, said at an event at the Council on Foreign Relations in May, “The fact is it’s a pretty hot war in the cyber domain going on right now.”

A hot war, but a kind that suits Russia well: It is part of what military strategists call “gray zone” combat. For Mr. Putin, cyberespionage and cyberattacks keep NATO and its partners off balance. They are enormously difficult and expensive to defend against, and, at least for now, they have operated below the line that is likely to prompt a military or economic response.

“It stays below the radar,” Martin Libicki of the RAND Corporation told a conference sponsored this month by the NATO cyber center here, officially known as the NATO Cooperative Cyber Defense Center of Excellence.

For the Russians, Mr. Libicki said, cyberespionage and weaponry are part of a larger strategy of information warfare and a blitz of propaganda that makes sorting out fact from fiction, say, the causes of the Malaysia Airlines crash in Ukraine, all the more difficult. But the attacks also remind the smaller nations here of their vulnerability, even if Russia’s troops stay on their side of the border.

So far, NATO has found few effective means of deterring attacks.

“The biggest problem in cyber remains deterrence,” said Mr. Ilves, the Estonian president, who has made the issue of avoiding cyber conflict one of the main themes of his time in office. “We have been talking about the need to deal with it within NATO for years now.”

His fear, he said, is that Russia or other cyber-attackers will soon move to the next frontier: subtle manipulation of data like medical records, the operations of weapons systems and navigation data.

But for now, Europe’s focus is on keeping its secrets safe and its weapons working. Germany issued a warning last month about Russian attacks; its Parliament was targeted last year in an operation that sought to install software that would have given Russia continuous access to the Parliament’s computer networks. Hans-Georg Maassen, the head of the German domestic intelligence agency, told The Financial Times that the Russians were “showing a readiness for sabotage.”

Now, Germany’s defense agency has done what NATO has not: It has started its own cyber-warfare unit.

NYT:  

 
