ISSN 2294-1274
ATLANTIC TREATY ASSOCIATION
Volume 2 - Issue 5, May 2012
THE GROWING CYBER-THREAT: What role for the Transatlantic Alliance? The cyber-threat is omnipresent in our world of email-driven private and professional communication, online social media, but also computerbased critical infrastructure and not least military technologies. If we narrow the focus down to the political and military spheres, the oft-cited computer worm ‘Stuxnet’ of June 2010 is probably the most outstanding individual incident of a modern cyber-attack with a political background. This supposedly state-sponsored malware tool brought considerable damage to the Iranian nuclear facilities which are believed to serve military
53 per cent of companies believe they have experienced an attack waged with a specific political goal in mind.
purposes. The ’Stuxnet’ episode demonstrates the role
Contents:
of cyber-space as a central sphere for political, diplomatic and military disputes and confronta-
Global Pulse: Cyber-attacks: A short guide
tions of the 21st century. With the difficulty of
Marie Harbo Dahle provides an overview of important definitions and clarifications in order to
attributing a cyber-attack, national governments
structure the general debate about cyber-security and cyber-attacks. Thereby, she especially
can easily hide attacks behind private computers.
looks at the distinction between cyber-espionage and cyber-attacks as well as at current interna-
Looking at the growing and asymmetrical cyber-
tional law.
threat and the complexity of this security challenge, NATO as a military alliance, based on
NATO and the fight against the cyber-threat
Article 5 and collective defense, does not only
Emine Akcadag looks at the nature of cyber-space and the related security issues. In the main
need to constantly sophisticate and adapt its own
part of her article, she provides a detailed insight into NATO’s efforts in the field of cyber-
cyber-defense capabilities, but also to soon find
defense, triggered by the events of 9/11 and the massive cyber-attacks on Estonia in 2007. The
ways to develop a common blueprint for an Arti-
article finally calls for even stronger cooperation among NATO members in order to foster the
cle 5-type reaction to attacks in cyber-space.
fight against the cyber-threat.
Atlantic Voices, Volume 2, Issue 5
1
GLOBAL PULSE The transatlantic partnership was forged in war two generations ago and maintained for decades under the looming threat of renewed conflict. With the Alliance now at a crossroads, its future depends on the active engagement of its members’ young citizens. Committed to this endeavor, YATA is proud to partner with Atlantic Voices and help bring the opinions, analysis, and commentary of young Atlanticists to the forefront of international debate. By presenting security, economic, and diplomatic issues through the eyes of future policy and decision makers, Global Pulse aims to build a bridge between the challenges of today and the solutions of tomorrow.
Cyber-attacks: A short guide By Marie Harbo Dahle As cyber-security and cyber-attacks become part of the mainstream secu-
systems that control infrastructure, industrial processes or com-
rity debate, a brief overview of the crucial definition issues can be helpful
munication lines. If the effects are destructive enough, the at-
to keep the discourse on the right track.
tacks might trigger a proclaimed right to defensive action according to international law. Cyber-espionage, although more fre-
Cyber-espionage is not a cyber-attack – it’s merely espionage
quent, is like all forms of espionage legal under custom interna-
First, what is a cyber-attack? And what is it not? In the influential
part different debate entirely.
tional law. Although an integral element of national security, it is
‘Joint Doctrine for Information Operations’ by the U.S. Joint Chiefs of Staff, cyber-attacks are defined as ‘deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or
Cyber-attacks are subject to current international law
the information they hold’. A cyber-attack requires information
According to international law and custom, a state may respond
about a vulnerability in the target computer system, access to it,
forcefully to an armed attack against it. This right of self-defense
and the malicious software (malware) the
also holds in the case of cyber-warfare, if the
attacker wishes to insert. In the media, the
attack had effects which caused destruction
term cyber-attack is usually also used to
on the same level as a conventional strike. If
describe the espionage that businesses and
the attack falls below this threshold, yet is
government agencies are subject to every
still considered highly intrusive, it remains
day, as well as the so-called ‘distributed
unclear how a state could and should re-
denial of service’ (DDOS) attacks to dis-
spond. Once again, we are not discussing
rupt access to targeted websites. For the
incidents of espionage, but attacks with the
sake of clarity, a lot of experts now distin-
The vast majority of malware is designed to goal of disrupting or damaging systems. steal or compromise data (Photo: Foreign Policy guish between a cyber-attack and an act of Association)
cyber-espionage. The first kind aims to destroy information, while the latter seeks to extract it. When
Equal access does not mean equal
resources
information systems are destroyed the elements that they control
A common perception seems to be that because virtually anyone
might also feel the effect of the attack – and this is what we most
can access cyber-space and acquire hacking skills, distinguishing
fear in the security context. Likely targets are the computer
between state and non-state actors is nearly impossible. But
Atlantic Voices, Volume 2, Issue 5
2
equal access to cyber-space does not mean equal resources. The
cases where analysts came to different conclusions drawn from
financial resources and the intelligence capabilities available to
the same set of technical and circumstantial data.
some states usually dwarf the resources available to the average hacker. Sophisticated weapons in cyber-space, meaning the malware created for purposes of
Cyber-attacks do pose a challenge to international law
destruction or espionage,
The practical problem with
are incredibly difficult and
the attribution of cyber-
expensive to create. This is
attacks is obvious. Even if
the reason why famous cyber
the attack amounts to an
-operations
such
as
armed attack according to
‘Duqu’
and
the UN Charter, the tar-
‘Flame’ have all been attrib-
geted state wouldn’t know
uted to states, even though
where to direct the counter-
no analyst has been able to
attack. And if it had some
provide
proof
general idea, the discussion
concerning the origin of the
quickly becomes: How sure
attack.
do you need to be before
‘Stuxnet’,
definitive
Cyber-attack? Cyber-espionage? Cyber-crime? A major problem of the discussion you strike? This is an essen-
Attacks can easily be around the cyber-threat is a lack of clear definitions and reference in interna- tial legal question, as a use of tional law. conducted anonyresponsive force would need mously to be justified according to international law as well. Counter-
With ‘attribution’, we arrive at the core of the practical and
action will usually entail a risk of harming innocent third parties,
conceptual challenges associated with cyber-attacks. Attribution
and the risk becomes significantly higher in the case of cyber-
means locating the origin of the attack and identifying the at-
attacks. In regards to a conventional attack, there would be
tacker. Sophisticated hackers will have little difficulty hiding and
evaluations in terms of proportionality and discrimination, but
distorting evidence of their identity and location. They can in-
there will probably be little doubt as to where the attack ema-
struct their electronic traffic to exit at different routers from the
nated from and where to direct the response. (International
ones they use themselves, making it look as if the attack came
terrorist attacks are a different matter – these must be investi-
from a completely different city or country. The attacked state will have to engage in long processes of analysis of both the code of the malware as well as circumstantial evidence in order to arrive at
gated, much in the same way as cyber-
With ‘attribution’, we arrive at the core of the practical and conceptual challenges associated with cyberattacks.
judgments about the attacker’s identity.
attacks need to be). In addition to the obvious uncertainty that will arise in a public which has been attacked, the targeted state will also have difficulties justifying a forceful response. The process of
From what we have seen in the cases of ‘Stuxnet’ and ‘Duqu’,
reaching to a definitive judgment could be a rather lengthy one,
this is a time-consuming task. Independent cyber analysts, inter-
and if the accused state doesn’t admit fault then it will be very
net security companies and government cyber security centers
hard to provide the international community with definitive
have to spend months, even years, to analyze the code of the
proof.
malware. In addition, what one might call the circumstantial evidence – the political context, recent events, and financial and technical capabilities of possible culprits – needs to be included in the analysis. And even then, it could be tough to present conclusive evidence of the attacks’ origin. There have also been
Atlantic Voices, Volume 2, Issue 5
Marie Harbo Dahle is President of YATA Norway. She holds a BA in Political Science and French from the University of Oslo, and wrote her thesis on the normative implication of the attribution problem with cyber-attacks.
3
NATO and the fight against the cyber-threat by Emine Akcadag
T
The cyber-threat The revolution in information technologies gave birth to the
he end of the Cold War has brought about high
globally-interconnected digital information and communica-
expectations concerning the maintenance of
tion infrastructure known as “cyber-space” and revealed a
permanent peace in the whole world. How-
new society, the so-called “network society”. National gov-
ever, as the new security threats became rather alarming, it
ernments were obliged to adapt themselves to the age of in-
was seen that these optimistic views were not the reflection
formation technology and carried their departments and ser-
of the reality. Mere military matters, as a result of a paradigm
vices to cyber-space. While offering a great deal of easiness
shift, have been replaced by new security threats such as the
and comfort, cyber-space has also caused the emergence of a
proliferation of weapons of massive destruction, terrorism,
new threat which has an asymmetrical and multidimensional
cyber-security, energy security and environmental security.
dimension.
More and more vulnerabilities of computer systems are being identified worldwide. NATO as a political-military organization is constantly adapting its cyber-defense policy.
Centered upon the individual and society, the main character-
Because of their dependency on information technology
istic feature of these threats is their being transnational in
and computers (e.g. banking and financial services, telecom-
nature. One of the most pressing and potentially dangerous of
munication systems, electricity networks, water supply),
these threats originates from the cyber-realm. In today’s
network societies have become more vulnerable to cyber-
world which has been shaped by communication and informa-
attacks. For example, a cyber-attack launched from outside
tion revolutions, the cyber-threat has become a central issue
the United States, hit a public water system in Illinois in No-
in private life and (international) business and politics.
vember 2011. Therefore, it has become an obligation to take
Atlantic Voices, Volume 2, Issue 5
4
appropriate measures in both the public and private spheres in
make it available for takeover and remote control. Addition-
order to fight the cyber-threat. Many national governments
ally, ‘Botnets’ (i.e. Internet computers that, although their
have added the cyber-dimension to their national security
owners are unaware of it, have been set up to forward trans-
strategy.
missions – including spam or viruses – to other computers on
Among the multi-faceted threats
the Internet) and other examples of
in cyber-space, the first one that
malicious codes can operate to assist
needs to be mentioned is ‘cyber-
cyber-criminals in their identity theft
crime’. Although there is currently
undertakings. For example, the
no globally accepted definition of
prominent ‘I LOVE YOU’-worm
cyber-crime, it refers to all activities
attacked tens of millions of Microsoft
in cyber-space with a criminal intent,
Windows personal computers in May
and it can target natural persons,
2000 when it started spreading as an
business or non-business organiza-
email message from the Philippines.
tions and governments. The distinc-
This worm produced over $15 billion
tion between cyber-crime and other
in damages, including $5.5 billion in
cyber-based malicious acts is the ac-
the first week alone.
tor’s motivation. Cyber-criminals
Besides, terrorists that are known for
generally exhibit a wide range of self
using information technology and the
interests, deriving profit, notoriety,
Internet to formulate plans, raise
and/or gratification from activities
funds and spread propaganda may use
such as hacking.
cyber-attacks to disrupt critical sys-
Smart grids and next generation computing for energy tems in order to harm targeted govand solar technologies in homes will lead to the creation ernments or civilian populations. includes a wide variety of crimes, of more vulnerabilities.
Although the term “cyber-crime”
There is a number of hacker groups
according to the Council of Europe Convention on Cybercrime, there are four different types of
such as ‘Iron Guard’ which are affiliated with Islamic terrorist
offenses. The first type is the offense against the confidential-
organizations1. ‘Iron Guard’ is a group of hackers that was
ity, integrity and availability of computer data and systems
formed during the Israeli-Palestinian cyber-conflict in late
which includes illegal access such as hacking and cracking,
2000. This group is believed to be technically adept and it is
espionage, illegal interception, data and system interference.
reported to have ties to Hezbollah and other Islamist extremist groups. Iron Guard’s call for a cyber
The second type is the content-related offense which covers content that is considered illegal, including child pornography, xenophobic material or insults related to religious symbols. The
It has become an obligation to take appropriate measures in both the public and private spheres to fight the cyber-threat.
third type is the computer-related of-
-jihad was supported by al-Muhajiroun, an organization with well-known ties to former al-Qaeda leader Osama bin Laden2. As for ‘cyber-attacks’, it is possible to
fense which covers a number of offenses that need a computer
define them as any action taken to undermine the functions of
system to be committed such as computer-related fraud,
a computer network for a political or a national security pur-
computer-related forgery, phishing and identity theft, as well
pose. There is a variety of activities that fall within the defini-
as the misuse of devices. The fourth type is the copyright-
tion of cyber-attacks such as the so-called ‘Distributed Denial
related offense which includes the exchange of copyright-
of Service’ (in April 2007, Estonia suffered this kind of at-
protected songs, files and software in file-sharing systems and
tack) and planting inaccurate information (in 1999, the
the circumvention of digital rights management systems.
United States developed a plan to feed false target data into
Cyber-criminals can use malicious codes, such as viruses,
the Serbian air defense command network, inhibiting Serbia’s
worms or Trojan Horses in order to infect a computer to
ability to target NATO aircraft). Unlike cyber-crimes (though
Atlantic Voices, Volume 2, Issue 5
5
in some cases it is possible), cyber-attacks need to undermine
in Iran. The United States and Israel were accused by Teheran
the target computer network and have a political or national
of having deployed ‘Stuxnet’. Recently, the United States and
security purpose. Nevertheless, sometimes cyber-crime can
Israel were once again blamed to jointly develop the sophisti-
also include attacks against computers to deliberately disrupt
cated computer virus ‘Flame’ that collected intelligence in
processing, or may include espionage to make unauthorized
preparation for cyber-sabotage aimed at slowing down Iran’s
copies of classified data.
ability to develop a nuclear weapon. As a result, state-
In the context of cyber-attacks, it would be useful to take
sponsored attacks have come to be considered as a growing
an additional look at state-sponsored
feature of the cyber-threat.
attacks. Three international incidents
As nowadays the dimension of the cy-
involving Estonia, Georgia, and Iran have informed recent discussions on state-sponsored attacks. As men-
No nation or corporation is truly in a position to face and manage cyberthreats on their own.
ber-threat is continuously evolving, it could be mentioned that no nation or corporation is truly in a position to face
tionned above, in spring 2007, a series
and manage cyber-threats on their
of cyber-attacks on Estonia blocked
own, thus a concerted international
websites and paralyzed the entire Internet infrastructure of
effort is needed to fight against these threats. Being aware of
the country by swamping the websites of the national parlia-
this reality, the Transatlantic Alliance itself, just like many
ment, banks, ministries, newspapers and broadcasters. These
other international organizations, has launched and developed
cyber-attacks came at a time when Estonia was embroiled in a
an ambitious cyber-defense policy.
dispute with Russia over the removal of a Soviet-era war memorial from the center of Tallinn. In this context, the Rus-
NATO’s Cyber-Defense Policy
sian government
During the Kos-
was
publ i c l y
ovo crisis at the
blamed by Esto-
end of the 1990s,
nian officials for
NATO faced its
launching
and
first serious inci-
these
dents of cyber-
backing
attacks. Hackers
attacks. In
2008,
sympathetic
a
to
series of strategic
Serbia electroni-
cyber-attacks
cally
disabled Georgian
attacked” NATO
command
and
web servers. This
control systems.
led, among other
These
things,
intrusions
“ping-
to
the
coincided with the The discovery of the ‘Stuxnet’ worm forced governments and businesses around the world to examine Alliance’s e-mail their cyber-defense measures more rigorously. account being broader armed blocked for sev-
conflict that broke out in August 2008 between the Russian Federation and
eral days for external senders, and to a repeated disruption of
Georgia over South Ossetia. Thus, the Russian government
NATO's website.
was once again accused of being behind a cyber-based incident.
Facing this challenge, the Alliance started to realize the seriousness of the cyber-threat. However, the key
In June 2010, a malicious software worm called ‘Stuxnet’
event which drew attention to potential vulnerabilities in the
attacked among others the operations of nuclear centrifuges
digital infrastructure of the NATO Allies were the attacks of
Atlantic Voices, Volume 2, Issue 5
6
Cyber-security is an unavoidable issue and the threat is growing daily.
9/11. Consequently, NATO issued an important call to im-
and conducts appropriate security risk management, and the
prove its “capabilities to defend against cyber-attacks” as part
Cooperative
of the Prague Capabilities Commitment, agreed in November
(CCDCOE) which complements the work of the other re-
2002. The most important element of the Cyber-Defense
lated institutions by improving cooperation and information-
Program was the creation of the NATO Computer Incident
sharing.
Response Capability (NCIRC), the Alliance’s “first responders” to prevent, detect, and react to cyber-incidents. Another key moment forcing the Alliance to reconsider the need for a common cyber-defense policy were the cyber-attacks on Estonia in 2007, which pushed the Alliance to adopt a
Cyber-Defense
of
Excellence
Furthermore, NATO’s new Strategic Concept and the 2012 Chicago Summit Declaration recognize that cyber-
A key moment for NATO to reconsider the need for a common cyber-defense policy were the cyber-attacks in Estonia in 2007.
formal “NATO Policy on Cyber-
Center
attacks continue to increase significantly in number and evolve in sophistication and complexity. The Strategic Concept also emphasized the need for accelerated efforts in cyber-defense and tasked the North Atlantic Council to
Defense” in January 2008. As a result, the 2008 Bucharest
develop a new NATO Policy on Cyber-Defense and an Ac-
Summit emphasized “the need for NATO and nations to pro-
tion Plan for the policy’s implementation by June 2011. On 8
tect key information systems; to share best practices; and to
June 2011, NATO Defense Ministers approved this Cyber-
provide a capability to assist Allied nations, upon request, to
Defense Policy which is by far the most important step the
counter a cyber-attack.” Following the Bucharest Summit, the
Alliance has taken so far.
Alliance established two major cyber-defense institutions: the
The 2011 NATO Cyber-Defense Policy “sets out the
Cyber-Defense Management Authority (CDMA) which initi-
framework for how NATO will assist Allies, upon request, in
ates and coordinates the cyber-defenses, reviews capabilities
their own cyber-defense efforts, with the aim of optimizing
Atlantic Voices, Volume 2, Issue 5
7
information-sharing and situational awareness, collaboration
fenses in 2012, spending 58 million Euros to establish
and secure interoperability based on NATO agreed stan-
a NATO Cyber Incident Response Capability that will be
dards.” Furthermore, the new policy and the Action Plan for
fully operational by the end of 2012. A Cyber Threat Aware-
its implementation provide NATO nations with clear guide-
ness Cell will also be set up to enhance intelligence-sharing
lines and an agreed list of priorities on how to bring the Alli-
and situational awareness. Moreover, the Alliance continues
ance's cyber-defense forward, including enhanced coordination within NATO as well as with its partners.3 Besides, in 2011, NATO started to formulate a rapid reaction team con-
to conduct frequent cyber-exercises
NATO decided to expand its defenses in 2012, spending 58 million Euros to establish a NATO Cyber Incident Response Capability.
cept. “These cyber-defense experts are
and the interested partners take part in NATO's cyber-security activities. For instance, the most recent ‘Cyber Coalition 2011’ exercise included six partners: Finland and Sweden were play-
responsible for assisting member states which ask for help in
ers, and Australia, Austria, Ireland and New Zealand sent
the event of an attack of national significance,” explains Alex
observers, as did the European Union.
Vandurme, expert in NCIRC, and he adds: “The types of cyber-attacks experienced by Estonia and Georgia will be-
Recommendations
come the most frequent form of cyber-attacks in the future. A
NATO Deputy Assistant Secretary General for Emerging
mixture of protest, or traditional war, and a cybernetic ele-
Security Challenges Dr Jamie Shea identifies three main levels
4
ment.” Hence, this rapid reaction team will be an important
of potential threat that NATO currently faces and monitors.5
tool for NATO to enhance the protection of its communica-
The first involves direct attacks on NATO's computer infra-
tion and information systems against attempts at disruption
structure. The second threat is one engineered to defame or
through attacks or illegal access. Any NATO member nation
damage the reputation of the institution. The third consists of
suffering a significant cyber-attack will be able to ask for
new types of malware, which at the moment are being di-
NATO's help.
rected against third parties or countries, but which NATO has
As for the 2012 Chicago Summit Declaration, it empha-
to monitor on a constant basis. “Each day, we are seeing up to
sized that NATO Allies
30 significant attacks on
have committed to provid-
our digital networks or on
ing
individual
the
resources
computers,
and completing the neces-
mostly by way of emails
sary reforms to bring all
infected by spyware and
NATO bodies under cen-
sent to individual NATO
tralized cyber-protection,
employees,”6 says Lt. Gen.
to ensure that enhanced
Kurt Herrmann, Director
cyber-defense capabilities
of the NATO Communi-
protect
collective
cation and Information
investment in NATO. It
Systems Services Agency
also affirmed that the Alli-
(NCSA). The statements
ance will develop fur-
of Shea and Herrmann
ther its ability to prevent,
give us an idea of the seri-
detect, defend against, and
ousness and complexity
recover
that cyber-attacks contain
our
from
cyber-
for NATO. Hence, the
attacks.
Alliance must be able to
In addition, NATO decided to expand its de-
The continuous development of information and communication technologies opens new possibilities for cyber-criminals.
Atlantic Voices, Volume 2, Issue 5
find answers to all of these 8
next phase should be the alignment of national cyber-defense
threats. As mentioned above, cyber-defense has been an important
capabilities with those of NATO. Ensuring the standardiza-
part of NATO’s agenda for more than a decade. Neverthe-
tion of the cyber-defense policy that caters for 28 member
less, it is an obligation for NATO to keep improving its cyber
nations is without doubt a difficult issue. However, NATO
-capabilities in order to fight against cyber-attacks that are
needs uniform cyber-security standards so that all members of
becoming more pervasive, complex and costly. For that pur-
the Alliance do understand cyber-security in the same way. For that purpose, member nations
pose, taking into account that NATO operations rely heavily on cyberenabled networks, first of all, the Alliance should be able to defend its command, control and cyber-systems by
The next phase should be the alignment of national cyber-defense capabilities with those of NATO.
developing its cyber-capabilities, espe-
should identify their own national critical infrastructure, which links to NATO's systems. “Just as all of us in NATO know to which standards the tanks, aircraft and ammunition of the
cially by investing into research. Furthermore, the ‘Cyber
Alliance must conform, we also need international co-
Defense Awareness, Education, Training and Exercise pro-
operation among Allies to find common standards in cyber-
gram’ has a special importance in terms of being able to pro-
security,”9 says the Estonian President Toomas Hendrik Ilves.
tect NATO’s networks and infrastructures. These exercises
Besides, as NATO offers a forum suitable for coordination
also highlight possible shortfalls in crisis management arrange-
and consultation with regard to the cyber-threat, it may help
ments between civilian and military authorities. For example,
to ensure coordination and possibly harmonization for na-
NATO's annual ‘Cyber Coalition’ Exercise’ presents the op-
tional approaches which pave the way for an international
portunity for nations to have their infrastructure 'stress-
treaty on cyber-security.
tested' by creating cyber-scenarios that the participating na-
The invocation of Article 5 is a delicate subject concerning
tions must tackle. Sharing technology, methodology and
NATO’s cyber-defense capabilities. It is still unclear what size
knowledge contributes to a more robust cyber-defense capa-
of a threat would prompt NATO to invoke Article 5 accord-
bility for all actors involved.
ing to which an armed attack against one Ally is considered an
7
As Supreme Allied Commander Transformation Gen.
attack against all. It would not be wrong to say that there is
Stéphane Abrial states, “today, a critical element of any cyber-
no such thing as a concrete NATO-wide cyber-
defense strategy is the understanding that cyber-space is inter-
response model in case of a full scale cyber-attack on a mem-
national by nature. No one country can deal effectively with
ber state. Moreover, in theory, effective cyber-deterrence
cyber-threats on its own.” Hence, the fight against the cyber-
requires a wide-ranging scheme of defensive as well as offen-
threat requires cooperation with partner countries, the pri-
sive cyber-capabilities. Nevertheless, the Alliance does not
vate sector, international organizations and academia in order
have offensive cyber-capabilities. Although individual mem-
to ensure efficiency, complementarity and non-duplication.
ber states may have offensive cyber capabilities, they do not
As many EU member states are also members of NATO, it
prefer to share them even with close Allies because of the
would be easier to ensure a cooperation between NATO and
sensitivity and perishability of these capabilities.
8
the EU regarding cyber-security, especially in the areas of
Finally, cyber-space can be assumed in the context of
training and education, information-exchange, protecting
NATO’s ‘Smart Defense’ initiative which is a new way of
national communications and information systems, and har-
thinking about generating the Alliance’s modern defense ca-
monizing crisis management procedures.
pabilities, as reinforced by the 2012 Chicago Summit. For the
Considering the cyber-threat as a national security prob-
purposes of Smart Defense, the Alliance nations must give
lem instead of a technical issue for computer security profes-
priority to those capabilities which NATO needs most, spe-
sionals is essential for the effectiveness of NATO’s cyber-
cialize in what they do best, and look for multinational solu-
policy and its standardization. After the integration of cyber-
tions to shared problems. Within this context, the NATO
defense measures into Alliance structures and procedures, the
Cooperative Cyber Defense Center of Excellence constitutes
Atlantic Voices, Volume 2, Issue 5
9
an example for the implementation of multi-national solu-
natolive/news_85161.htm.
tions to international security threats.
5
NATO, “Getting serious about cyber security”, accessed
June 11, 2012,
Conclusion
http://www.defencemanagement.com/feature_story.asp?
Our interconnected societies depend on information and
id=18166.
communication technologies, and this makes them more vul-
6
nerable to cyber-threats that are becoming more sophisticated
berattacks,”
and complex. As enhancing cyber-security and protecting
www.spiegel.de/international/world/nato-concerned-about
critical infrastructures are essential to each nation's security
-increasing-numbers-of-cyberattacks-a-829908.html.
and economic well-being, the deterrence against cyber-crime
7
and cyber-attacks has to be an integral component of national
Journal 55, Winter 2011, p. 23.
and international security strategies.
8
Cyber-attacks may cause harm not only to a national gov-
Matthias Gebauer, “NATO Faced with Rising Flood of CyDer Spiegel,
April
26,
2012,
http://
Jamie Shea, “Shielding from Harm,” Defence Management Stéphane Abrial, “NATO Builds Its Cyberdefenses”, The New
York
T i me s ,
F e b r ua r y
2 7,
2 01 1 ,
h t t p: / /
ernment but also to international governmental and non-
w w w . ny t i me s . c o m/ 2 01 1 / 02/ 28 / o pi ni on/ 2 8i h t -
governmental organizations. In this context, the use of de-
edabrial28.html?_r=1.
structive cyber-tools that can threaten national and Euro-
9
Atlantic security and stability as well as NATO institutions
Review,
has prompted the Alliance to strengthen its cyber-capabilities.
node/14165.
“NATO Needs Uniform Cyber Security Standards”, Estonian April
12,
2012,
http://www.vm.ee/?q=en/
It is possible to say that many future conflicts will have a cyber-dimension, whether in stealing secrets and probing vulnerabilities to prepare for a military operation or in dis-
The views expressed in this article are entirely those of the author.
abling crucial information and command and control net-
They do not necessarily represent the views of the Atlantic Treaty
works of the adversary during the operation itself. Conse-
Association, its members, affiliates or staff.
quently, NATO’s future military effectiveness and capability will be closely linked to and dependent on its cyber-defense
About the author
capabilities.
Emine Akcadag Michael VATIS, “Cyber Attacks: Protecting America’s Secu-
Emine Akcadag is a research fellow on Security Studies
rity against Digital Threats”, ESDP Discussion Paper, Harvard
at the Wise Men Center for Strategic Studies in Turkey
University, June 2002, p.8.
and a PhD candidate at the Institut d’Etudes Politiques de
2
Strasbourg.
1
Office of Critical Infrastructure Protection and Emergency
Preparedness, “Threat Analysis- Al-Qaida Cyber Capability”, accessed June 22, 2012, http://www.epc-pcc.gc.ca/emergencies/other/TA01001_E.html. 3
“New Threats: The Cyber Dimension”, NATO Review, ac-
cessed
June
11,
2012,
http://www.nato.int/docu/
review/ 2011/11-september/ Cybe r-Threa ds/EN/ index.htm. 4
“NATO Rapid Reaction Team to fight cyber attack”, ac-
cessed June 11, 2012, http://www.nato.int/cps/en/SID-755CBE3F-6B0F8F50/ Atlantic Voices, Volume 2, Issue 5
10
Atlantic Voices, Volume 2, Issue 5
11
ATA Programs
Atlantic Voices is the monthly publication of the Atlantic Treaty Association. It aims to inform the debate on key issues that affect the North
From 18 to 21 May 2012, the ATA and YATA leadership were
Atlantic Treaty Organization, its goals and its future. The work pub-
present at the 2012 Young Atlanticist Summit in Chicago. This
lished in Atlantic Voices is written by young professionals and researchers.
event, which took place on the sidelines of NATO’s Chicago Summit, gathered around 50 international young professionals and high
The Atlantic Treaty Association (ATA) is an international non-
-level students to discuss pressing issues on the transatlantic agenda
governmental organization based in Brussels working to facilitate global
with political and military leaders of NATO and its member states.
networks and the sharing of knowledge on transatlantic cooperation and
ATA President Karl A. Lamers welcomed the participants and en-
security. By convening political, diplomatic and military leaders with
couraged them to transport the transatlantic spirit from the sum-
academics, media representatives and young professionals, the ATA
mit into their civil societies in the transatlantic sphere.
promotes the values set forth in the North Atlantic Treaty: Democracy, Freedom, Liberty, Peace, Security and Rule of Law. The ATA membership extends to 37 countries from North America to the Caucasus throughout Europe. In 1996, the Youth Atlantic Treaty Association (YATA) was created to specifially include the successor generation in our work. Since 1954, the ATA has advanced the public’s knowledge and understanding of the importance of joint efforts to transatlantic security, through its international programs, such as the Central and South Eastern European Security Forum, the Ukraine Dialogue and its Educational Platform.
Atlantic Voices is always seeking new material. If you are a young
In 2011, the ATA adopted a new set of strategic goals that reflects the
researcher, subject expert or professional and feel you have a valu-
constantly evolving dynamics of international cooperation. These goals
able contribution to make to the debate, then please get in touch.
include:
We are looking for papers, essays, and book reviews on issues
◊
of importance to the NATO Alliance. For details of how to submit your work please see our website.
international security issues.
◊
Further enquiries can also be directed to the ATA Secretariat at the address listed below.
the establishment of new and competitive programs on
the development of research initiatives and security-related events for its members.
◊
the expansion of ATA’s international network of experts to countries in Northern Africa and Asia.
Editor: Florian Bauernfeind
The ATA is realizing these goals through new programs, more policy activism and greater emphasis on joint research initiatives.
All images published in this issue of Atlantic Voices are the property of NATO, reproduced with NATO’s permission, unless otherwise stated. Images should not be reproduced without permission from sources listed, and remain the sole property of those sources.
These programs will also aid in the establishment of a network of international policy experts and professionals engaged in a dialogue with NATO.