Atlantic Voices Vol. 5, No. 04 (april 2015)

Page 1

ATLANTIC TREATY ASSOCIATION

Volume 5 - Issue 4 April 2015

NATO’s Cyber Strategies and Wireless Warfare in the Information Age The space was once the stake of international competition as the one who has the ability to launch missiles far enough had the power to destroy their enemy. This discovery was followed by technological development, causing more and more uncertainty. Today, concerns have moved to the cyberspace. This virtual arena is the source of a new type of conflict where war is not declared, attackers are hardly identifiable and where skilled individuals can remotely disable a country’s infrastructures. Cyber attacks have raised new types of concerns that demand appropriate answers. Although using the cyber space to weaken an opponent is not a new practice, no appropriate answers have yet been found while government infrastructures remain especially vulnerable. Combined with other means, cyber attacks contribute to the development of a new sort of war, a hybrid combat where states are no longer the only protagonists. Power is now at the hand of any individuals with sufficient motivation and computer skills. - Flora Pidoux Atlantic Voices, Volume 5, Issue 4

Threats to the Cyberspace (Photo: Symantec ISTR)

Contents: NATO’s Cyber Strategies and Wireless Warfare in the Information Age Mr. Alexandru Moldovan analyzes NATO’s cyber security policy by underlining the major events that contributed to the current state of affairs.

Challenges To NATO’s Cyber Security And Where They Originate From Mr. Mikk Raud ‘s article focuses on the challenges that arise from cyber attacks which are more and more and difficult to deter or counteract.

What Cyber Changes: Using Ethics To Inform Mr. Henri Collis explores cyber attacks from an ethical perspective in an effort to analyse how attacks of this new kind should be answered to. 1


NATO’s Cyber Strategies and Wireless Warfare in the Information Age By Alexandru Moldovan

O

in September 2014. The Wales Summit Declaration

ur daily routines are becoming in-

contains explicit references to the increased importance

creasingly dependent on the ad-

that NATO gives to the cyber security domain together

vancements in information tech-

with a detailed plan for the future.

nology. Virtual reality already influences major as-

The Tallinn Manual, an international cyber law re-

pects of our lives, such as the economy, health and

search and education standard, defines a cyber attack as

education and it seems that it will not be long until

a “cyber operation, whether offensive or defensive, that

its influence will expand into our personal and na-

is reasonably expected to cause injury or death to per-

tional security. In the last years, we’ve witnessed a

sons or damage or destruction to objects.” Reinforcing

major increase in cyber attacks which have forced

the major damage that a cyber-attack can lead to, article

governments to make space on their agendas to en-

72 of the Wales Summit Declaration states that: “Their

sure the security of their public and private cyber

[ed. cyber-attacks] impact could be as harmful to mod-

networks.

ern societies as a conventional attack. We affirm there-

The first documented cyber war was fought during the Kosovo War. Between March 24, 1999 and

fore that cyber defence is part of NATO's core task of collective defence”.

June 10, 1999 operation Allied Force, a conventional

Allies need to clarify what potential cyber attack sce-

military operation, was conducted by NATO on the

narios would cross the Article 5 threshold, and specify

territory of Yugoslavia in order to stop the human

the member states’ duties in the case of a cyber attack.

rights abuses in Kosovo. During NATO’s military

Even though the moment when a cyber attack will lead

operations against Serbia, numerous pro-Serbian

to significant loss of human lives may seem a distant

hacker groups attacked NATO’s internet infrastruc-

future, it is clear that the risk must not be treated light-

ture. The hackers were aided in their goal of disrupt-

ly. As Professor Michael Schmitt, the Tallinn manual's

ing NATO’s war-fighting capabilities by Russian and

editor, stated, "I think just as a century ago we were

Chinese hackers. Their victims were, among others,

trying to understand how aviation would impact the

NATO’s server and NATO’s public affairs website

laws of war, today we are in great need of sorting

dedicated to the war in Kosovo. Containing briefings

through these issues in the cyber world today".

and news, the latter was inoperable for several days due to Distributed Denial of Service attacks. As a result, small but consistent steps were taken

This article details the strategic importance of having a cyber-strategy in place, and highlights the recent events that caused NATO’s concern.

by NATO to strengthen their digital defence, start-

Strategic Importance Of Cyber Strategies in

ing with the establishment of the Cyber Defence

Modern Warfare

Programme in 2002. The latest confirmation of these

In order to face the new emerging threats caused by

continuous efforts came at the NATO Wales Summit

the aggressive behaviour of Russia, the government of

Atlantic Voices, Volume 5, Issue 4

2


Lithuania decided in February 2015 to reintroduce com-

was made by Wittaker who differentiates between

pulsory military service. Despite this measure, new threats

cyber attacks and cyber crimes. While cyber crimes

were signalled by the President of Lithuania Dalia

are directed against individuals and companies, cyber

Grybauskaite in a public intervention in March 2015: “The

attacks are targeting public institutions and infrastruc-

first stage of confrontation is taking place - I mean infor-

ture.

mation war, propaganda and cyber attacks. So we are al-

A more in-depth classification is made by Schreier who distinguishes between cyber vandalism or “cyber

ready under attack.” Far from being singular, this type of unconventional

hacktivism”, cyber crime or internet crime, and cyber

attack was also recorded in 2007 when hackers attacked

espionage. The most dangerous one for governments

official state and bank websites in Estonia and in the 2008

is cyber crime which usually affects the banking sec-

Georgian War. The Estonian attack was attributed to

tor, financial institutions, and the corporate sector.

groups of Russian hackers even though the Russian author-

Government networks which hold classified data are

ities denied any involvement.

also affected, but less often.

According to James Sherr from

Cyber attacks can be clas-

Britain's Royal Institute of Interna-

sified as a form of international

tional Affairs, this new type of conflict

terrorism, and as a consequence

called hybrid warfare is “designed to

there is a need for a coordinated

cripple a state before that state even

international approach to address

realizes the conflict has begun”. Elabo-

such treats. Special characteris-

rating on the topic, Sherr adds that hybrid warfare “It is a model of war-

Phishing attacks are requesting you to divulge your password under false arguments (Photo: RealBusiness.co.uk)

fare designed to slip under NATO's

tics of cyber attacks which make them particularly dangerous are the difficulties that arise from

threshold of perception and reaction.” As Deputy Secre-

identifying their origin, nature and impact. It is in-

tary General Ambassador Alexander Vershbow said, we

deed easier for the cyber criminals to hide their origin

are facing a new facet of the ancient Trojan Horse tactic.

as attacks can be launched from anywhere in the

As cyber attacks usage intensifies, we need to look into

world. In these conditions, retaliation becomes prob-

the details of what constitutes a cyber attack and how

lematic because of the hardship of locating the attack-

NATO and its allies can capitalize on their experience to

er and identifying their intentions. The nature of the

ensure that accidents like these will never catch the Alli-

attack is also hard to define as attacks become more

ance on a wrong foot.

and more sophisticated. Taking into consideration the

Expending the Tallinn Manual definition of cyber at-

elaborate schemes of attack that are now developed

tacks, Wittaker defines them as “coordinated actions taken

by attackers, calculating the damage inflicted to the

against a state’s public institutions, digital infrastructure,

victim can become an intricate endeavor.

and its critical infrastructure through cyber space”. Since

Most common cyber threats can be used against a

there is no clear terminology that can be used to define

variety of information systems such as transportation,

cyber warfare, a range of different theoretical frameworks

telecommunication and power systems, and industrial

have attempted to explain this idea. A first classification

equipment. These threats can take the form of Au-

Atlantic Voices, Volume 5, Issue 4

3


thentication violations, Trojan Horses and Viruses,

Anders Fogh Rasmussen, former NATO Secretary

Malware, Spyware and Phishing, Sabotage, Fraud,

General, stated in June 2014 that the approach to

Insecure passwords, Denial of Service (DoS) and

cyber security that NATO has in place focuses on the

more modern threats such as Internet of Things. For

principle of collective defence, which does not fully

these general threats there are a number of solutions,

respond to the threat, leaving room for further im-

such as Antivirus software and firewalls, Cryptog-

provement when it comes to the details of the strate-

raphy, Risk analysis and Biometrics. However, we

gy. As Rasmussen presents the results of the discus-

need to keep in mind that every system has its own

sion held in Brussels on August 2015 with the Ameri-

hardware and software specificities that the attackers

can officials, “Our mandate is pure cyber defence,”

can exploit.

and “Our declaration is a start,” he said, “but I cannot

In order to respond to cyber crimes, cyber securi-

tell you it is a complete strategy.”

ty measures need to be put in place to ensure the

Before the Wales Summit in September 2014, ac-

“safety of the data flow in the global network system,

cording to Limnell, NATO had to face three key chal-

the protection of databases, of transac-

lenges: integrate cyber capabilities,

tions, of access to critical information,

update Article 5, and better coordinate

the protection of the integrity of the

national capabilities. Out of these chal-

national infrastructures, such as the tel-

lenges, the biggest one was: “[...] to

ecommunications and power sectors,

integrate cyber into a broader strategic

the protection of personal information

and operational concept, both in de-

of individuals, the protection of cyber

fence and offence.” This observation is

infrastructure with all its components

in line with one made by Rasmussen

etc.” as Hansen and Nissenbaum under-

who acknowledged that a global strate-

line in their analysis. Hence, cyber se-

gy is still under development.

curity should be seen as an enabler that secures our digital way of life. Everybody should take responsibility to pro-

NATO largest ever multinational cyber defence exercise is “Cyber Coalition 2014” launched on November 18, 2014. (Photo: NATO)

What led to the existing state of affairs is a series of events that continuously shaped NATO’s capabilities for

tect their private security and not treat this duty as a

fighting cyber crimes. In chronological order, the

burden.

concept of cyber security made its way on NATO’s

Historical Development of NATO’s Approach to Cyber Security The hybrid war gave the opportunity for cyber warriors and hackers to make use of their capabilities. Although many of their actions are condemnable, the end justifies the means in times of war as hackers see it. On the other hand, NATO has to deal with the problematic situation of how to make the best of its cyber capabilities while respecting international law. Atlantic Voices, Volume 5, Issue 4

agenda for the first time after the hacking incidents in the late 1990s that took place during the Kosovo War and consequently led to the start of NATO's Cyber Defence Programme. After the 2002 Prague Summit, initiatives were taken to establish the NATO Computer Incident Response Capability (NCIRC). With the New Strategic Concept developed by NATO in November 2010 at the Lisbon Summit, a cyber security objective was clearly formulated in the Summit’s 4


report. Enhancing the “ability to prevent, detect, defend

Another relevant aspect for the cyber security topic

against and recover from cyber-attacks, [...] and coordi-

is that the new cyber policy has given clarity to the

nate national cyber defence capabilities, bringing all

process the Alliance will use to invoke collective de-

NATO bodies under centralized cyber protection, and

fence while maintaining ambiguity about specific

better integrating NATO cyber awareness, warning and

thresholds as the Alliance’s ministers of defence

response with member nations” were the guidelines fol-

stressed. For reconstructing the process, firstly, the

lowed by NATO at the time. In 2011 a revised NATO

incident is analyzed at a technical level. If the incident

Policy on Cyber Defence was approved and by the end of

has political implications, the dossier if passed on to the

2012, the NATO Computer Incident Response Capability

Cyber Defence Management Board and from the De-

(NCIRC) was in place. The organisation is now under the

fence Policy and Planning Committee through to the

NATO Communications and Information Agency (NCI

North Atlantic Council, the principal political decision-

Agency), which monitors the IT infrastructure and re-

making body of the North Atlantic Treaty Organiza-

sponds to cyber threats and attacks. Other important

tion.

milestones for the organization are the creation of the

At the moment, it is very unlikely that the North

NATO Cooperative Cyber Defence

Atlantic Council would invoke

Centre of Excellence (CCDCOE) in

collective defence unless there

Tallinn, Estonia and the establish-

were significant damage and

ment of NATO Cyber-Defence

deaths, equivalent to kinetic mili-

Management Authority (CDMA) in

tary force. The criteria for deter-

2008.

mining whether an attack should

At this point it is important to

be viewed as an "armed attack”

underline that NATO’s cyber strat-

are not very clear but several indi-

egy is purely defensive. NATO’ members are still responsible for

The CCDCOE, NATO’s International Military Organisation to enhance the capability, cooperation and information sharing on cyber security (Photo: Valentina Pop )

cations can the traced through the literature.

developing their own national cyber defence capabilities

Jeffrey Carr, cyber security analyst and expert,

and must protect their own networks. At this level,

suggests six criteria for determining whether an attack

NATO’s role is to share expertise and information, pro-

should be viewed as an "armed attack”. These criteria

mote coordination and cooperation and facilitate the de-

are: severity, immediacy, directness, invasiveness,

velopment of national capabilities.

measurability and presumptive legitimacy. We can

Admittedly, the principle of collective defence and the

therefore treat a cyber attack as an armed attack if it

enshrined Article 5 still apply in the case of cyber attacks.

produces a great damage for a long duration and with

As a consequence, the question that can be asked is:

multiple effects, while crossing multiple physical or

“Would NATO go to war over a cyber attack invocation

digital borders and having an illegal nature. It is neces-

of Article 5”? To elucidate this matter, a decision as to

sary that the victims can quantify its harmful effects in

when a cyber attack would lead to the invocation of Arti-

order for the cyber attack to be considered an “armed

cle 5 would be taken by the North Atlantic Council based

attack”.

on a political decision taken on a case-by-case basis. Atlantic Voices, Volume 5, Issue 4

5


Future Development Possibilities in the Area of Cyber Security

case of cyber attacks. However, space for improvement still exists.

By analyzing the private sector, we can reveal the

There is a need for a revised legislation, like in the

positive impact that international standards for infor-

case of Article 5; transparent communication between

mation security like ISO/IEC 27001 and 27002 can

members and international needs to be improved;

have. Thanks to the best practices recommendations

global standards for information security should be

that are included in these standards it becomes easier

put in place. By solving all these issues, the process of

to manage the security efforts. A future development

integrating a standalone cyber strategy, the Alliance’s

could be the adaptation of such a standard by NATO.

global military strategy will be much easier.

Another aspect that needs to be taken into consideration is the lack of transparency from the members

About the author

of the Alliance when it comes to the offensive cyber

Alexandru Moldovan is currently an IT and Busi-

capabilities that they have at their disposal. Coupled

ness Process Management MSc student with a multi-

with the lack of any cyber offensive plans made by

disciplinary background in IT, Communication, Pub-

NATO this impediment can negatively influence the

lic Relations and Human Resource Management. He

overall cyber capabilities of the Alliance.

is currently interested in IT, cyber security, sustaina-

One more area that can be improved is the legisla-

bility, and has previously explored coaching solutions

tion. NATO hinges to a large extent on legislation

for human resource professionals. His professional

and any gap in it could potentially be dangerous for

background includes rich participation in non-

the proper functioning of the organization. A good

governmental organizations that delivered non-formal

starting point for improvement would be a better def-

educational projects to youth.

inition of the concept “armed attack” in the context of cyber conflicts. Further developments could be an increased number of common exercises, strengthening of the partnership with the private sector or an increased budget for research and development. Conclusion NATO’s cyber capabilities have evolved continuously since the Kosovo War. While the current tactics describe a defensive thinking, we cannot talk at the moment about a complete cyber security strategy at the Alliance level. Nevertheless, NATO made some important steps by acknowledging the role of cyber security, founding NCIRC and similar dedicated institutions, and setting up a clear chain of command in Atlantic Voices, Volume 5, Issue 4

Bibliography Andra, A. (2012). Cyber Security: An Important Dimension of Romania’s National Security | Center for European Policy Evaluation on WordPress.com. Retrieved March 29, 2015, from http:// cepeoffice.com/2012/08/20/cyber-security-animportant-dimension-of-romanias-national-security/ Carr, J. (2010). Inside Cyber Warfare: Mapping the Cyber Underworld. O’Reilly. Collier, M., & Sibierski, M. (2015). NATO allies come to grips with Russia’s “hybrid warfare” - Yahoo News. Retrieved March 30, 2015, from http:// news.yahoo.com/nato-allies-come-grips-russiashybrid-warfare-182821895.html Cyber Attacks Against NATO, Then and Now. (n.d.). Retrieved March 29, 2015, from http:// www.atlanticcouncil.org/blogs/new-atlanticist/ cyber-attacks-against-nato-then-and-now Hansen, L., & Nissenbaum, H. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly 53, 1156. Healey, J., & van Bochoven, L. (2011). Issue 6


Brief, 1–12. Holly, E. (2015). Top 5 cybersecurity risks for 2015. Retrieved March 30, 2015, from http:// www.cnbc.com/id/102283615 Ilves Hendrik, T. (2013). Cybersecurity: A View From the Front - NYTimes.com. Retrieved March 29, 2015, from http://www.nytimes.com/2013/04/12/ opinion/global/cybersecurity-a-view-from-thefront.html?pagewanted=all Jordan Tothova, K. (2014). Would NATO Go to War Over a Cyberattack? | The National Interest. Retrieved March 29, 2015, from http:// nationalinterest.org/feature/would-nato-go-war-overcyberattack-11199 Libicki, M. C. (2012). Cyberspace Is Not a Warfighting Domain. Journal of Law and Policy, 8, 325–336. Limnell, J. (2014). The Three Cyber-Security Challenges Facing Nato. Retrieved April 2, 2015, from http://www.ibtimes.co.uk/three-cyber-securitychallenges-facing-nato-1460995 NATO. (2010). Strategic Concept For the Defence and Security of The Members of the North Atlantic Treaty Organisation, 5. NATO - News: Preparing for tomorrow: cyber defence and the New Strategic Concept, 10-Oct.-2011. (n.d.). Retrieved March 29, 2015, from http:// www.nato.int/cps/en/natohq/news_77515.htm? selectedLocale=en NATO - Official text: The North Atlantic Treaty, 04Apr.-1949. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natolive/ official_texts_17120.htm NATO - Official text: Wales Summit Declaration issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales , 05-Sep.-2014. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/ official_texts_112964.htm NATO - Opinion: Press Conference by NATO Secretary General Anders Fogh Rasmussen following the meeting of the North Atlantic Council at the level of Heads of State and Government during the NATO Wales Summit, 05-Sep.-2014. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/ opinions_112871.htm NATO - Topic: The consultation process and Article 4. (n.d.). Retrieved March 29, 2015, from http:// www.nato.int/cps/ro/natolive/topics_49187.htm NATO Topics - NATO and the Scourge of Terrorism. (n.d.). Retrieved March 29, 2015, from http:// www.nato.int/terrorism/five.htm Risen, T. (2014). Cybersecurity Remains a Gray Area for NATO - US News. Retrieved March 29, 2015, from http://www.usnews.com/news/articles/2014/08/14/ cybersecurity-remains-a-gray-area-for-nato Atlantic Voices, Volume 5, Issue 4

Sanger, D. E. (n.d.). NATO Set to Ratify Pledge on Joint Defense in Case of Major Cyberattack - NYTimes.com. Retrieved March 29, 2015, from http:// www.nytimes.com/2014/09/01/world/europe/nato -set-to-ratify-pledge-on-joint-defense-in-case-of-major -cyberattack.html?_r=0 Schreier, F. (2012). On Cyberwarfare, (7), 1–133. Section, P. diplomacy division (PDD)-press and media. (2013). NATO Cyber Defence, (October). Tallinn Manual Process | CCDCOE. (n.d.). Retrieved March 29, 2015, from https://ccdcoe.org/ tallinn-manual.html The statement recently: the real THREAT from Russia. Lithuania has already appealed" - News Round. (n.d.). Retrieved March 29, 2015, from http://newsround.com/the-statement-recently-the-real-threatfrom-russia-lithuania-has-already-appealed/ Vipin, K., Lazarevnic, A., & Srivastava, J. (2005). Managing Cyber Threats. Issues, Approaches, and Challenges. New York: Springer. Wittaker, J. (2004). Cyberspace Handbook. New York: Routledge. Woudsma, P. (2012). Cyber Defence: A Major Topic in NATO’s Transformation. Retrieved March 30, 2015, from https://www.act.nato.int/article2013-1-15 Yost, D. S. (2013). Nato Review. Retrieved March 29, 2015, from http://www.nato.int/docu/ review/2003/issue4/english/art4.html

7


Challenges to NATO’s Cyber Security and Where They Originate From By Mikk Raud

It is serious. If a business gets attacked, it can go under. If our systems at NATO fail, people may die.” This is how Ian West, head of the NATO

Communications and Information Agency (NCIA) Cyber Security Service Line describes his everyday job of responding to cyber attacks launched against the Alliance. Numerical data is somewhat intimidating, as NATO’s computer servers identify 200 million suspicious cyber activities per day and counter on average five major malicious attempts per week. Luckily, such endeavours have been ineffective and thus hardly reach the news.

Nature Of Cyber Attacks Determines NATO’s Focus Whereas the Tallinn Manual’s definition of a “cyber attack” assumes it to cause injury or death to persons or damage or destruction to objects, NATO has adopted a lower threshold by describing cyber attack as “action taken to disrupt, deny, degrade or destroy information resident in a computer and/or computer network, or the computer and/or computer network itself”. This seems reasonable for addressing more realistic everyday threats, as even though many analysts have continuously anticipated a “Cyber Armageddon” where massive disruptions of

Next to NCIA, which plans and implements all administrative activities for the Alliance’s cyber security and responds to cyber attacks, one needs to appreciate the NATO

Computer

Incident

Response

Capability

(NCIRC), which provides general defence to NATO’s networks. Having managed to absorb the attempts of infringing its own networks so far, the Alliance has shown that cyber defence is clearly a priority. Yet, technology develops on a daily basis, providing the malicious actors a chance to deploy growingly sophisticated attacks. In order not to fall behind in the increasingly evident cyber race, NATO needs to clarify its role in different types of cyber attacks and determine who and for which motives poses the biggest cyber threat to the Alliance. This paper anal-

critical infrastructure result in chaos and shake the world’s stability, nothing comparable has ever occurred. Though never beyond doubt, even NATO’s possible enemies mostly adhere to proportionality, distinction and other principles of just war, making it unlikely to see a state-actor carrying out such an attack even during physical warfare, let alone in peacetime. Hardly anyone would benefit from a complete breakdown of the society, except for extremely backward movements, which fortunately possess little adequate capabilities. Therefore, one can rather expect to continue seeing specifically targeted attacks with a narrow focus of imposing political influence, obtaining financial benefits or committing industrial espionage.

yses both issues and argues that threats to NATO’s cyber safety, which mostly originate from state-actors, can be

Starting with Estonia in 2007, several member states

best countered through efficient information sharing and

have experienced violations of their computer networks,

equalizing member states’ cyber capabilities.

initiating a debate on what type of attacks exactly belong to NATO’s responsibility. The Wales Summit Declaration provides that “the fundamental cyber defence responsibility of NATO is to defend its own networks.” Thus, it

Atlantic Voices, Volume 5, Issue 4

8


is necessary to distinguish attacks against individual

Terrorists and Criminals: Testing NATO’s Cy-

member states from those against the Alliance.

berspace?

Hence, despite affirming the validity of collective de-

Ian West has noted that more than 95% of the

fence in cyberspace, the Declaration clearly stipulates

cyber attacks NATO absorbs can be categorized as

that the Allies must develop their independent capa-

criminal activities, which do not attempt to cause

bilities for protecting national networks. For exam-

physical harm, but aim to steal sensitive data. Addi-

ple, inter-private affairs, such as industrial espionage

tionally, according to Jamie Shea, the Deputy Assis-

against a member state have already earlier been said

tant Secretary General for Emerging Security Chal-

not to belong to NATO’s respon-

lenges at NATO, the Alliance’s

sibility.

everyday challenges are emails with infected attachments, probes

For more severe cases, the

searching for vulnerabilities, or

underlying question is how and if

denial of services attacks, which

the Alliance should support its

do not differ much from the at-

members and whether Article 5 should be invoked or not. The Wales Summit Declaration rati-

tacks conducted against banks, Despite the threat of a cyber-war, NATO's focus should remain on defensive capabilities (Photo: The Times)

fied that a significant cyber attack can invoke a response through Article 5, with the final right of adjudication left to the North Atlantic Council on a caseby-case basis. It is reasonable to expect that the extent

companies, scientific laboratories

and regular citizens. Therefore, as NATO’s networks face similar threats as those of the member states, it is important to understand where the threats come from and tackle them together.

of a cyber attack triggering Article 5 must certainly

Resulting from various infamous attacks, some

involve physical damage and mass casualties – a sce-

assume that terrorists should also be most feared in

nario, which despite its intriguing nature is unlikely

cyberspace. Indeed, only irrational actors could carry

due to the incomprehensible consequences it would

out an attack against critical infrastructure, such as a

bring to each actor. Thus, even though it is important

nuclear facility to purposely cause mass casualties.

to continue developing the readiness of cyber-war,

Since most extremists’ ultimate goals justify the

NATO should primarily ensure the safety of its own

means, they are perhaps the actors dreaming of such

networks, which it has done well so far, and engage

cyber doomsday. Soon after the US started the air

into equalizing the member states’ individual capabili-

campaign against the Islamic State, the group prom-

ties through well-coordinated information and

ised to develop a “cyber caliphate” to execute large-

knowledge sharing. After all, just like in conventional

scale hackings against the West, including NATO.

battlefields, the heavyweight must be born by the

Some of their endeavours have been successful, for

member states – the Alliance is an institution to or-

example infringing the US Central Command’s Twit-

ganize cooperation between the members and offer

ter account, or thousands of French websites after the

assistance to those in need.

Charlie Hebdo attack. While these small-scale defacements and denial of service attacks give enough reasons to remain cautious, surveys show little evidence

Atlantic Voices, Volume 5, Issue 4

9


anything significantly more destructive could be execut-

the general insufficient action to limit illegal activities

ed. Whereas terrorists undoubtedly belong to the con-

in cyberspace, thus allowing terrorists and cyber crimi-

cern group, much simpler means to cause mass casualties

nals take advantage of the existing network infrastruc-

exist and therefore it is questionable how motivated such

ture. Even though the situation is better controlled

actors are to develop more sophisticated cyber skills.

inside NATO, many attacks still originate from within

Also noteworthy next to terrorists are the increasingly

the Alliance, showing that unsatisfactory regulation of

professional cyber criminals, who can cause greater harm

the internet is a universal problem. Secondly, despite

due to clear focus and more elaborate strategies. The an-

the issue of attribution, which can often be used as a

nual report of the National Cyber Security Centre of

defence, it has been proven that many malicious actors

Netherlands identifies the criminals’ ultimate motivation

are financed and employed by state entities. The coun-

as earning money through conducting attacks themselves

tries immediately coming to mind are China and Rus-

or offering services to less proficient actors. Their usual

sia, often referred to as the major threats to global

methods include financial fraud through placing malware

cyber stability, while Iran, Syria and North Korea have

to the victim’s systems, while trying to

been walking a similar path.

avoid the authorities by using border-

Although these countries do

crossing internet or host servers which

not hide their non-aligning

ensure their anonymity. Therefore, the

views towards the Western

more efficient the internal coordination

internet standards, such as free-

and information sharing between

dom of speech or the applica-

NATO members is, the more difficult it becomes for such actors to harm both

bility of international law to China's People's Liberation Army during a cyber drill (Photo: NATOSource)

cyberspace, none has ever ad-

the Alliance and member states. Assuming that the adopt-

mitted involvement in any cyber attacks. Yet, there is

ed policies in the New Enhanced Cyber Defence Frame-

evidence to connect numerous attacks with a respec-

work, including a streamlined cyber defence governance

tive state-actor. The following will shed light on some

will become a reality, the criminals will increasingly have

of the most vivid examples.

to target individuals and companies paying too little at-

To begin with, a US cyber security firm Mandiant

tention to their cyber security, rather than an alliance like

has shown that China’s military units have been direct-

NATO, which has so far managed to shield all intentions

ly involved in years of large-scale cyber espionage

of the criminals.

against the West, including NATO members. Whereas

State-Actors as the Leading Cyber Threat Despite the rather slim chance of an explicit cyber conflict between states, the analysis now turns to stateactors, which are still the largest threat to the Alliance’s cyberspace, as also noted by a Senior Fellow in the NATO Cooperative Cyber Defence Centre of Excellence, Dr Rain Ottis. Firstly, a smaller issue arises from Atlantic Voices, Volume 5, Issue 4

the most well known example is stealing America’s most expensive military investment, the F-35 stealth fighter’s designs, the Chinese government has also been heavily suspected of inducing Chinese telecom companies such as Huawei to place backdoors into their products to ease cyber attacks against countries buying the respective devices, or simplify gathering economic or military intelligence. Yet, while China has 10


obtained most of the attention, some analysts consider its

already have the necessary skills. Moreover, being able

reason to be that the others just do not get caught

to hamper someone’s network does not necessarily

enough. Indeed, a fresh US threat assessment report

improve the ability to protect one’s own. Thus, the

warns that the threat from Russia is strongly underesti-

Alliance’s focus shall remain on the defensive side,

mated, bringing examples of more sophisticated and

dominated by multi-layered cooperation between

stealthier cyber attack methods than China has ever used.

states and private institutions together with moral and

Knowingly, Russia has most likely funded the attacks

political pressure on the respective states to withdraw

against Estonia, Georgia and Ukraine, while having re-

from undesired cyber acts.

cently found a new partner named CyberBerkut – a proKremlin group of Ukrainian origin, which specifically targets NATO and its allies, most lately in this March. Besides these two players, another US cyber security firm Cylance has deemed Iran as the “new China” by disclosing the so-called Operation Cleaver that has allegedly stolen myriads of data from all over the world, following the upsurge in offensive cyber capabilities after suffering from Stuxnet a few years ago.

Conclusion While the recent policies have addressed the right concerns, there is still a degree of uncertainty in NATO’s role in organising comprehensive cyber defence. NATO’s own networks have been prioritized and thus seem well protected. However, NATO consists of 28 member states, and similarly to conventional armed forces, not every ally possesses equally advanced cyber capabilities. While the chance of a cyber-war

Whereas the state-actors might be motivated to test

between NATO and its possible adversaries is rather

the Alliance’s unity and Article 5’s threshold, one can yet

slim, acts of espionage and cyber crime are the accessi-

again observe that causing physical harm has not been the

ble methods to various state-actors not having to fear a

main purpose of the attacks. Rather, widespread cyber

unified response. While obtaining adequate cyber skills

espionage aims to gain economic advantage or access clas-

belongs to each member’s own responsibility, the mu-

sified military information, whereas disrupting the nor-

tual threats against the Alliance and the member states

mal functioning of either NATO’s or its members’ net-

create a clear incentive to further intensify collabora-

works attempts to show political or ideological protest

tion and equalize the members’ capabilities. The Alli-

against the Alliance’s actions. The latter type of attacks

ance is as strong as its weakest link, which the cyber

are often concurrent with important events, such as the

adversaries are bound to take advantage of once the

parliamentary elections in Ukraine last March, or the

chance occurs.

NATO Wales Summit, during which the strength of NATO’s networks was repeatedly tested. Such challenges to NATO’s readiness are not expected to decrease and

About the author

have raised the discussion of whether the Alliance should

Mikk Raud is a third year student at the University of

also develop offensive cyber capabilities to tackle the

Hong Kong, where he is obtaining a Bachelor’s degree

threats more effectively. However, as Dr Ottis has ex-

in Government & Laws. Prior to starting his current

plained, just like the Alliance does not have nuclear weap-

exchange semester at Tsinghua University, Mr. Raud

ons or aircraft carriers, it is also not reasonable to build

completed an internship at the Estonian Embassy in

offensive cyber capabilities, since several member states

Beijing. He is also currently involved in a research pro-

Atlantic Voices, Volume 5, Issue 4

11


ject on China’s cyber capabilities, strategies and organisation in cooperation with the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

Indicators." Mandiant. 18 Feb. 2013. Web. 3 Apr. 2015. Morgus, Robert. "NATO Tries to Define Cyber War." Real Clear World. 20 Oct. 2014. Web. 3 Apr. 2015.

Bibliography

Nakashima, Ellen. "Confidential Report Lists U.S. Weapons System Designs Compromised by Chinese Cyberspies." Washington Post. 27 May 2013. Web. 7 Apr. 2015.

"Cyber Definitions." NATO Cooperative Cyber Defence Centre of Excellence. 2015. Web. 3 Apr. 2015.

Ottis, Rain. "Interview on Possible Cyber Attackers." E-mail interview. 25 Mar. 2015.

"Cyber Security." NATO Communications and Information Agency. 2014. Web. 3 Apr. 2015.

Pinto, Delwyn. "Sandworm : Russia Backed Cyber Criminals Targeted EU, NATO." TechWorm. 14 Oct. 2014. Web. 3 Apr. 2015. Schmitt, Michael N. Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge UP, 2013. p. 92. The World in 2020 – Can NATO Protect Us? The Challenges 
 to Critical Infrastructure. Rep: NATO Emerging Security Challenges Division. 10 Dec. 2012. Web. 3 Apr. 2015.

"Cyber Security." NATO. 19 Jan. 2015. Web. 3 Apr. 2015. "NATO Websites Targeted in Attack Claimed by Ukrainian Hacker Group Cyber Berkut." ABC News. 16 Mar. 2014. Web. 3 Apr. 2015. "Wales Summit Declaration." NATO. 5 Sept. 2014. Web. 3 Apr. 2015. Ames, Paul. "NATO Faces About Ten Serious Cyber Incidents Each Month." Atlantic Council. 23 May 2014. Web. 3 Apr. 2015. Cendrowicz, Leo. "Nato Frontline in Life-or-death War on Cyber-terrorists." The Guardian. 30 Oct. 2014. Web. 3 Apr. 2015. Charlton, Corey. "Islamic State Jihadists Planning Encryption-protected 'cyber Caliphate' so They Can Carry out Hacking Attacks on West." Daily Mail. 11 Sept. 2014. Web. 3 Apr. 2015. Clapper, James R. Worldwide Threat Assessment of the US Intelligence Community. Rep: Senate Armed Services Committee, 2015. Web. 7 Apr. 2015. Cyber Security Assessment Netherlands 2014, Na onal Cyber Security Centre. 2014. Gady, Franz-Stefan. "Russia Tops China as Principal Cyber Threat to US." The Diplomat. 3 Mar. 2015. Web. 7 Apr. 2015. Jones, Sam. "Nato Summit on ‘high Alert’ for Cyber Attack." Financial Times. 3 Sept. 2014. Web. 3 Apr. 2015. Krause, Hannes. "NATO on its way towards a comfort zone in cyber defence." The Tallinn Papers (2014). Limnell, Jarno. "NATO’s September Summit Must Confront Cyber Threats." Breaking Defense. 11 Aug. 2014. Web. 3 Apr. 2015. Mcwhorter, Dan. "Mandiant Exposes APT1 – One of China’s Cyber Espionage Units & Releases 3,000 Atlantic Voices, Volume 5, Issue 4

12


What Cyber Changes: Using Ethics to Inform By Henri Collis

W

ith cyber security making head-

definition of an act of force entails that the attack must

lines with stories that features

cause physical or personal damage. When considering

rogue states, Hollywood and

the potential impact of a cyber attack, this definition

the US Federal Government, it has never been more

would appear to exclude an attack on the financial sec-

high profile. This is symptomatic of the fact that, as

tor; but such an attack might have the potential to

the world becomes more connected, the type and

cause immeasurable economic damage to a nation, sup-

volume of information stored and transmitted is ex-

porting the strategic aims of their adversary in a conflict

panding in a way that introduces new risks and a fresh

but still not crossing a legal threshold that allows for a

set of considerations for defence and security. Under-

response.

standing how the game has changed is, however, frag-

NATO's own Cooperative Cyber Defence Centre of

mented and addressing these risks requires grasping

Excellence in Tallinn convened a group of experts in

not only the implications of cyber war in an opera-

2013, producing a 300-page tome to help doctrine-

tional sense, but also its complex relationship with the

writers, advisors and decision makers understand this

evolving nature of conflict.

complex domain. The discussions about the nature of

As the ways and means for cyber offence and de-

conflict have examined the interplay of law and ethics,

fence have multiplied, there has been realization for a

looking at concepts such as aggression, discrimination,

need to consider the ethical implications of its use.

proportionality and attribution – the bread and butter

Indeed, extensive debates have taken place about how

of the law of armed conflict.

conflict may proceed in cyberspace. Examining this through an ethical lens seeks to understand how considerations of what is just and fair can be incorporated in the debate on cyber security. Implications at the Operational Level

Beyond the Cyber Domain: Hybrid Warfare Analysis of how ethics applies to cyber operations is focused on the technical application of cyber means themselves, but in reality the cyber domain is considered as one tool among others for affecting an adver-

Understanding whether there are direct legal cor-

sary. In this sense, the emergence of new technology is

ollaries between conventional and cyber conflicts is,

not the only driver of change; the first decade and a half

fraught with difficulty. Some discussions are straight-

of the 21st century has seen new ways of integrating

forward, e.g. a cyber attack that uses network infra-

different domains of interstate competition and influ-

structure in a neutral country as a proxy is akin to

ence to project power, challenging the way military

using their airspace for unauthorised overflight, which

strength is considered and used.

would be illegal under international law. Other legal

While cyber attack is only one among multiple ele-

definitions are harder to transpose. For example, the Atlantic Voices, Volume 5, Issue 4

13


ments in this new, blended or ‘hybrid’ approach, its flexi-

tion between state and non-state adversaries now sees

bility and ubiquity means it can be employed in various

military, informational, and electronic means being

ways throughout this type of campaign - using proxies to

directly used to create political outcomes. This differs

manipulate opinion through cyber-enabled information

from a traditional concept of war whereby states seek

operations or denying communications infrastructure to

to set military or security conditions for a political re-

inhibit decision making. The key point when examining

sult.

the ethics of using cyber means to project power in this

This shift in the nature of conflict, described by Em-

way, is that any response does not necessarily have to be

ile Simpson in War From the Ground Up, has been

via cyber means.

brought to light by understanding the complexity of

Retaliation can however take different forms, from

counterinsurgency over the last 15 years. This was ob-

the projection of soft power, or political leverage through

viated by NATO’s experience in Afghanistan where the

international fora, to conventional kinetic operations. A

simple and traditional 'bi-polar' model of two states

response through other means, however, is still governed

confronting each other no longer applied. The conflict

by the Law of Armed Conflict so principles such as dis-

can be viewed as highly fragmented and exploited by

crimination and proportionality must be carefully consid-

actors at multiple levels for various political and eco-

ered. But determining what is proportional when trans-

nomic goals. In some cases these actors opportunisti-

posing actions from the cyber domain to political or ki-

cally adopted the language and activity of insurgency,

netic actions again raises a set of complex legal questions.

as if it were a franchise that they could buy into. Exter-

Moreover, the principle of attribution is particularly fraught with difficulty in cyber space and the problem of correctly identifying the perpetrator of an attack has already inhibited the actions of nations suffering a cyber attack, this is compounded by the use of proxies as well

nally this had the effect of making the insurgency appear more coherent and unified than it really was, when in fact many of the groups conducting operations at a local level were not motivated or controlled by a centrally administered Taliban.

as the spontaneous actions of motivated citizens. The re-

This analysis of what was a relatively low-tech con-

sult is a diminished ability to quickly and accurately at-

flict might seem a long way from cyber warfare, but

tribute cyber attacks, meaning the ethical basis and legali-

assuming that states are currently unlikely to engage

ty of any response is undermined. This challenges the

overtly in activity that crosses thresholds for armed

principles of what good conduct looks like in a reconsti-

attack, which provoke a stronger response, then the

tuted form of conflict that crosses different domains, and

issue of attribution elevates the role of cyber warfare as

demands reconsideration of the ethical and underlying

an integral part of how they compete - utilizing a dif-

legal questions. .

fuse, unattributable set of actors for its execution akin to the franchisees in an insurgency.

An Evolved and Perennial Competition At a further level of abstraction these questions of attribution are key to understanding how concepts of cyber defence are part of a more fundamental evolution in the nature of conflict and interstate competition. CompetiAtlantic Voices, Volume 5, Issue 4

The shift from something recognizable as bi-polar interstate warfare to fragmented and lower level struggles in this way describes a type of conflict that blends violence or the threat of violence, with other domains 14


such as cyber attack and challenges where the bounda-

tion the better.

ry for something recognisable as war now lies. It

In the short term this calls for alliance members to

brings a new level of uncertainty and raises the likeli-

engage in national and international exercises with both

hood of a new type of security challenge for NATO to

military and civilian agencies to simulate the kind of

address, i.e. a conflict that is protracted and perennial

practical complexities and ethical dilemmas that might

but falling short of open hostilities that would clearly

arise. There is also a need to test readiness of cyber

be subject to the law of armed conflict.

defences and drive coordination between allies to build

Conclusion This shifting of traditional boundaries and reconsideration of conflict highlights the ethical questions

a more resilient cyberspace that further enhances deterrence by denying the potential benefits of aggression or interference.

around the use of cyber means; uncertainty around

If the Alliance challenges itself in this way it can help

ethical use becomes amplified in this context. In this

identify where and how systems can be improved, de-

mix, it is essential for policy makers to grasp these

fine the interplay between different elements and do-

debates, to understand how and why the boundaries

mains of conflict, but also obviate where skills need to

around where a conflict begins and what it looks like

be developed to support long term improvement.

are changing, and to see cyber in as wide a context as

These are big questions and the debates around them

possible to understand the full spectrum of its impact.

have a long way to go.

Despite the complexity around the use of cyber in

Understanding the nature of how conflict has

this type of conflict, the simple answer is to improve

changed will not only inform those debates on an ethi-

the cyber security and information assurance of states

cal and institutional level, but will also inform what is

and their allies to deny adversaries benefits in the

needed for an effective policy response on a practical

cyber domain. NATO members, however, have dif-

level.

ferent levels of ability in this regard. The creation of pan-Alliance standards through the NATO Defence Planning Process and the sharing of best practice from technology to policy have begun and these must be followed-through to ensure all members reach a secure baseline of protective and defensive measures. Nonetheless, policy makers need to prepare for the complex ethical dilemmas raised by the potential need to respond to a cyber attack as part of a more ephemeral but enduring conflict. When this emerges decisions will need to be made quickly, meaning there can be little time for lengthy debate - the more thinking and preparation can be done ahead of a real situaAtlantic Voices, Volume 5, Issue 4

About the author Henry Collis works at the UK Cabinet Office. His previous experience includes spending three years at HQ ISAF in Kabul as an assessment analyst and seven years working across the middle east as an analyst and consultant. He was a UK Delegate to the NATO Future Leaders Summit in Wales in 2014.

Bibliography Emile Simpson, War From The Ground Up, Columbia University Press, 2012. Tallinn Manual on the International Law applicable to Cyber Warfare, Cambridge University Press, 2013: https://ccdcoe.org/tallinn-manual.html

15


Atlantic Voices is the monthly publication of the Atlantic Treaty Associa-

ATA Programs On April 28th the NATO Council of Canada will host a conference on Women,Peace and Security in cooperation with the Royal Canadian Military Institute. Speakers include: NATO’s Special Representative for Women,Peace and Security, Amb Marriet Schuurman; Hon. Mobina Jeffer, US Senator; and Almas Jiwani, President at the UN Women Canada National Committee.

tion. It aims to inform the debate on key issues that affect the North Atlantic Treaty Organization, its goals and its future. The work published in Atlantic Voices is written by young professionals and researchers. The Atlantic Treaty Association (ATA) is an international nongovernmental organization based in Brussels working to facilitate global networks and the sharing of knowledge on transatlantic cooperation and security. By convening political, diplomatic and military leaders with academics, media representatives and young professionals, the ATA promotes

The Bulgarian Euro-Atlantic Youth Club has the pleasure of invit-

the values set forth in the North Atlantic Treaty: Democracy, Freedom,

ing participants to the Second NATO Summer School 2015, which is a

Liberty, Peace, Security and Rule of Law. The ATA membership extends to 37

one-week international seminar focusing on some of the most important

countries from North America to the Caucasus throughout Europe. In 1996,

security aspects for NATO in the period after 2014. The seminar will

the Youth Atlantic Treaty Association (YATA) was created to specifially

take place on the 30th May -7th June 2015 in Smolyan, Bulgaria.

include to the successor generation in our work.

This year’s seminar will focus on key topics such as preparing for

Since 1954, the ATA has advanced the public’s knowledge and

threats in emergent spaces, including cyber space and maritime security,

understanding of the importance of joint efforts to transatlantic security

Smart Defence and planning for the future in times of austerity, NATO's

through its international programs, such as the Central and South Eastern

role as a global security actor, NATO-Ukraine cooperation for 2015,

European Security Forum, the Ukraine Dialogue and its Educational Platform.

NATO-Russia relations, women’s role in peace and security, war against terrorism, and NATO transparency and reforms. Topics like these we would like to shed light on through discussions, panel debates and group activities. The seminar will go through a direct contact between young

In 2011, the ATA adopted a new set of strategic goals that reflects the constantly evolving dynamics of international cooperation. These goals include:

security issues.

people, representatives of NGOs, media, representatives of governments, panel discussions, workshops and debates, presented by experts,

professors and competitive speakers. Atlantic Voices is always seeking new material. If you are a young researcher, subject expert or professional and feel you have a valuable contribution to make to the debate, then please get in touch. We are looking for papers, essays, and book reviews on issues of importance to the NATO Alliance. For details of how to submit your work please see our website. Further enquiries can also be directed to the ATA Secretariat at the address listed below. Editor: Flora Pidoux

Images should not be reproduced without permission from sources listed, and remain the sole property of those sources. Unless otherwise stated, all images are the property of NATO.

the establishment of new and competitive programs on international

the development of research initiatives and security-related events for its members.

the expansion of ATA’s international network of experts to countries in Northern Africa and Asia. The ATA is realizing these goals through new programs, more policy

activism and greater emphasis on joint research initiatives. These programs will also aid in the establishment of a network of international policy experts and professionals engaged in a dialogue with NATO.

The views expressed in this article are entirely those of the authors. They do not necessarily represent the views of the Atlantic Treaty Association, its members, affiliates or staff.

This publication is co co--sponsored by the North Atlantic Treaty Organization


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.