Cyber Defense Moves to the Center of NATO Operations

Some attacks against NATO

From Julian Hale, Defense News:  NATO’s Communications and Information Agency will recruit six cyberdefense experts in the coming months to help deal with cyberattacks on NATO systems. This action is part of NATO’s effort to move toward what it calls full operational capability by the end of October, meaning improved protection of 55 NATO sites across the world. . . .

A big part of this effort is the Mons-based NATO Computer Incident Response Capability (NCIRC), which has come with a price tag of €58 million (US $74.5 million).

The NCIRC is housed in the NATO Information Assurance Operations Centre, whose task is to look after NATO-owned systems and not systems in NATO countries. . . .

As many as nine out of 10 inbound emails to NATO are stopped because they are suspicious. Many are probes against NATO systems that are generally harmless but could be precursors to an attack.

In total, there are estimated to be around 147 million “suspicious events” per day against NATO systems. Technology systems whittle that down to a more manageable number of serious cases, which are then dealt with by the cyber experts. . . .

The NCIRC operates on a 24/7 basis, which is important because an attack coming from the Far East, for example, might hit the NATO networks in Europe at 2 a.m. European time.

“The most important thing is to stop the attack,” said [director Ian] West. In addition, NATO may carry out forensic analysis of the malicious code but does not go after the attackers. If it needs law enforcement assistance, it calls on the host nation of the attacker. 

From Adrian Croft, Reuters:  Crouched behind banks of computer screens flashing data, NATO analysts try to stay ahead of millions of suspected attempts to hack the Western alliance’s computer networks, as cyber defense moves to the center of NATO operations.

"Our intrusion detection systems handle something like 147 million suspicious events every day," director Ian West told reporters during a visit to NATO’s computer incident response capability technical center on Wednesday. . . .

Attacks on NATO’s systems range from hacking, attempts to implant malicious software and so-called denial of service attacks where a computer is bombarded with so much data that it collapses.

NATO analysts dealt with around 2,500 confirmed serious attacks on its computers last year, West said. . . .

Some attacks against NATO’s computer networks have been successful, he said, although he declined to say whether hackers had succeeded in stealing confidential data.

The threats come from hacking activists, criminals and "hostile nation states", although West declined to say which countries are suspected. . . .

Analysts among the cyber defense centre’s 130-strong staff from 15 nations say the attacks on NATO defense systems are growing in number and sophistication.

"The majority of the attacks are conducted by ‘spear phishing’ emails," said Andrzej Dereszowski, a Polish engineer at the center, referring to attempts by hackers to get hold of passwords or other confidential information by posing as a legitimate organization.

If it needs help from police, NATO may tip off the country concerned, but it will not go after the hacker itself, he says. NATO’s remit in the cyber area is purely defensive, not offensive.  (photo: Kacper Pempel/Reuters)
