HELSINKI — Denmark has responded to a series of cyber attacks against private and state defense organizations by establishing an Offensive Cyber Warfare (OCW) unit to repel assaults and launch counter-strikes.
A $74 million capital provision has been added to the Defense Ministry's of Defense's (MoD) defense budget in 2015-2017 to cover the OCW's formation and operational costs.
The task of establishing and operating the OCW will fall to the Danish Defense Intelligence Service (DDIS/ Forsvarets Efterretningstjeneste- FE). The DDIS operates as a department of the MoD and is Denmark's chief agency for military and foreign intelligence.
The OCW project was spun from a recommendation by the Danish Defense Commission (DDC) in 2012 that advocated the reinforcement of Danish cyberwarfare defense technologies and capacities under the government's coordinated national cyber defense strategy plan.
The DDC's recommendation was followed in 2013 by the Danish government's National Plan for Cyber Security. This included a proposal to add a more dynamic offensive capability to the existing traditional defensive-based approach to cyberspace defense.
The DDC's proposal was contained in the political cross-party Danish Defense Agreement covering 2013-2017.
Denmark's current cyberwarfare apparatus is primarily equipped to protect military computer systems from hacking and disruption. The present infrastructure-base does not have a specific focus on developing offensive "strike-back" response mechanisms to launch counter cyber warfare attack measures against malefactors bent on infiltrating defense or industrial IT platforms.
Significantly, the DDIS's upgraded role means that the organization will become Denmark's effective front-line gatekeeper to thwart foreign and domestic cyberwarfare threats. Moreover, the agency will be responsible for operating both defensive and offensive "weaponry" against hostile actors or organizations in cyberspace.
The $74 million allocation is being arranged by the Ministry of Finance. Apart from the OCW's initial set-up and equipment costs, around 50 percent of the capital sum will go to developing advanced offensive cyberwarfare technologies, skills and "counter-strike weaponry." Some of this niche work will be carried out in collaboration with Danish universities and defense research organizations.
"It is fundamental that we strengthen in the area of managing information security across the board, both at the state level and our distributors. To achieve this, we need to have a highly capable, determined and ambitious national cyber defense strategy," said Bjarne Corydon, Denmark's finance minister.
Denmark's more aggressive approach to ratcheting up its offensive cyber defense warfare capability comes after in the wake of a series of recent cyber attacks against indigenous defense companies that is believed to have included Terma, key government ministries, among them defense and industry departments.
Other organizations, such as the Danish Maritime Authority (Søfartsstyrelsen) and Statens IT, the Danish state organization responsible for providing IT services to many key government authorities and departments, also came under cyber attack.
The Danish government, based on intelligence reports from the DDIS and other state surveillance agencies, confirmed in September 2014 that parts of the country's core defense, industrial and government ICT infrastructure had been subjected to repeated "information gathering" cyber attacks since 2008.
"We are talking about a sophisticated campaign of cyber espionage that was first detected in 2008 and which continued up to the end of 2012. There have been attacks since, but few as complex or aggressive. The main target appears to have been the ICT systems of the leading Danish defense firms, and especially those subcontracting to Lockheed's F-35 Joint Strike Fighter development program," said Marc Wauters, a political analyst based in The Hague.
Although unable to confirm the precise origin of the attacks on native defense groups, Danish intelligence services suspect the cyber assaults were launched by hackers located in China. Defense company leaders were alerted to the serial attacks by the DDIS in late 2013, said Thomas Lund Sørensen, the DDIS's director.
The formation of the OCW, coupled with Denmark's forward drive into offensive cyberwarfare, may require legal changes to redefine cyber threats as another form of conventional or alternative military warfare, said Anders Henriksen, an international law expert at the University of Copenhagen.
According to Henriksen, the Danish Parliament may be required to decide if "offensive cyberwarfare falls into the same category as traditional military operations" that are structured to deal with threats against Danish national security and sovereignty.
The need for offensive cyberwarfare mechanisms brings Denmark into a "new realm of national defense and legal structures," said Troels Lund Poulsen, the defense spokesman for Denmark's Liberal Party.
"It will become more important for the national Parliament, as Denmark develops advanced offensive cyberwarfare technologies and capacity, to have adequate supervisory tools in place to regulate the DDIS's operations and examine how the military may use the new offensive cyberwarfare weaponry at its disposal," said Poulsen said. (interview)