NATO Faces About Ten Serious Cyber Incidents Each Month

NATO prepares Rapid Reaction Team to fight cyber attacks

From Paul Ames, Global Post:  The Boolea attack is fiction, the center-piece of operation Locked Shields, a "live fire" cyber exercise run by the NATO Cooperative Cyber Defense Center of Excellence in late April, to test the rapid response capabilities of allied cyber units.

Among the "red team" playing the part of the villainous insurgents are volunteer geeks from the private sector. They were called away from their day jobs — “penetration-testing” the systems of financial institutions and major corporations — to spend a couple days outwitting crack NATO electronic defense teams scattered around Europe.

"We use the same techniques as pen-test companies use, also the same techniques cyber criminals use," explains Col. Artur Suzik, the Estonian infantry officer who runs the center.

It may have been just a war game, but participants say the scenario realistically portrays the threats facing the North Atlantic Treaty Organization as cyber defense emerges at the frontline of alliance strategic thinking.

"If the bad guys are teaming up to do things better, then actually we should be teaming up as well," says Kristiina Pennar, spokeswoman for the cyber center. "We would like to believe that the guys on the defense side are one step ahead. That’s what we are working toward."

Fending off cyber espionage or attempts to hack alliance systems has become routine, says Jamie Shea, who heads NATO’s Emerging Security Challenges department. 

"What NATO is experiencing is pretty much what banks and companies, scientific laboratories and pretty much everybody else is experiencing these days," Shea said in an interview from alliance headquarters in Brussels, Belgium.

"Most are easily parried, pretty much like putting up an umbrella in the rain."

Last year, the NATO Computer Incident Response Capability responded to more than 2,500 cases.  That works out to an average of seven cases per day.

Most of the online incidents were dealt with automatically, using special detection sensors, scanners and firewalls. More serious incidents crop up about 10 times a month, NATO officials say. They can include targeted emails with dangerous attachments, probes looking for vulnerabilities in NATO’s defenses or denial of service attacks.

Despite the diverse nature of the threat and the increasing sophistication of the attacks, NATO’s cyber defenders are proud that the alliance reached the end of 2012 without any major disruption to its network services. . . .

How nations can respond to such an attack is a legal grey area. [Bill] Boothby, who retired in 2011 as deputy legal director of Britain’s Royal Air Force, was one of a panel of international specialists commissioned by the Tallinn center to outline how the laws of war apply to cyberspace.

The so-called Tallinn Manual, published in March, controversially concluded that nations would be in their rights under international law to respond with bombs or bullets against a cyber attacker that caused death, destruction or damage on a significant scale.

The manual triggered headlines suggesting NATO had given the all clear to kill hackers, and accusations it would lower the threshold for a military response.

Although NATO officials point out that the 300-page manual is not an official alliance document, it is expected to be influential in the policies of allied nations.

Shea says only the most damaging cyber attacks would likely trigger a kinetic response. He insists the allied militaries need to have that option.

"That which is not permissible in the real world, does not become permissible because it’s in cyberspace," he contends. Hackers "can’t believe they can do terrible things in cyber space and get immunity because it is done with electrons rather than bombs."  (photo: Europe Security News)
