It’s been a busy week in the skies above Europe’s periphery, as Nato has repeatedly scrambled jets to track “unusual” sorties by Russian bombers.
However lively the aerial game of cat and mouse has been, it is nothing compared to the digital skirmishing that goes on in and around the servers and systems that sustain the western alliance.
“The threat landscape is vast, from malware and hacktivists to organised criminals and state-sponsored attacks,” says Ian West, a former RAF officer who now heads up Nato’s cyber-security services. “Things that we thought impossible can be done.”
West’s 200-strong team covers operations for about 100,000 people at 34 Nato sites. Their task is formidable even by the hyperbolic standards of the internet. “Our intrusion detection systems find around 200m suspicious events each day,” West says.
While only a fraction of those are seen as serious attacks on Nato computers, it still adds up. The unit dealt with more than 3,600 abnormal-activity or intrusion attempts last year, among which were about five confirmed cyber-attacks per week. . . .
Hannes Krause, Estonia’s assistant defence counsellor at Nato, says: “The nature of cyber-defence is that we are constantly behind the adversaries and not just two but more like 20 steps – as they are not bound by any rules. The next major Nato crisis is likely to be cyber-driven. The new attacks will be something we have never seen before. These are the unknown unknowns. . . .”
West says more than 95% of the cyber-attacks he faces are criminal activity – attempts to steal rather than to make aircraft fall out of the sky. In these cases, cyber-attackers often use sleeper cells, planting bugs or malware that allow undetected extraction over a long period. This ties in with industry figures that show the average time taken to detect a cyber-attack went up to 32 days last year, from 24 the year before. . . .
No defence is foolproof. “There is no silver bullet,” says West. “If you want to seriously defend your networks against modern threats, then you need a layered defence. That means firewalls, intrusion detection systems, and cooperation. We are not always successful. But if they do get past one layer of defence, they don’t get further – and never the classified information.”