HELSINKI — Cyberwarfare technology training has been identified as a new project area within the military-run Nordic Defense Cooperation (NORDEFCO) program.
To start with, NORDEFCO's new focus area will pool information gained from military-operated cyber defense centers combined with research and intelligence received under partnership agreements with cyber crime dedicated law enforcement agency units.
Training will focus on best practices in the joint assessment of cyber threats processing of cyber domain materials, with the spotlight on potential threats against targets within the Nordic and Baltic militaries, government and industrial spheres.
It is also planned that NORDEFCO's pan-Nordic Cyber Warfare Collaboration Project (CWCP) also will also cooperate and interact with the Tallinn-headquartered NATO Cooperative Cyber Defence Center of Excellence (CCDCE), Tallinn, Estonia, which functions as a NATO-accredited research and training facility.
Although the CCDCE primarily serves is mainly open to all NATO nations, it does run cooperation projects jointly with cyber specialized cyber military and law enforcement agencies in NATO partner countries, including Sweden and Finland.
The CWCP will also construct its training programs around research conducted by the Finnish armed forces' (FAF) cyberwarfare unit from 2011-2014. Using a step-by-step approach, the Finnish computer emergency response team (CERT) developed processes and practices, including the identification of legitimate and suspected hostile targets. lawful and unidentified impediments. The research and training program was conducted in partnership with the military's FAF's National Defense University. (Maanpuolustuskorkeakoulu).
Some of the Finnish CERT's work , including the formation and operation of cyber attack defense related Computer Emergency Response Teams (CERT), was carried out in collaboration with NORDEFCO under its Combined Training Areas Program (CTAP).
Under CTAP, the Finnish CERT conducted a successful multiphase, pan-Nordic cyber warfare test last in October. , 2014 which helped develop resulted in the development of processes and practices, including the identification of lawful and unidentified impediments
The NATO aligned Baltic states of Estonia, Latvia and Lithuania, under an agreement reached by Nordic defense ministers in mid-April, (2015), will join an expanded CWCP in 2015-2016. The inclusion of the Baltic states' militaries in NORDEFCO's projects reflects the ever closer relationships being developed between Nordic and Baltic militaries under the umbrella of joint Nordic-Baltic defense projects. , a large part of which will initially focus on multinational niche training and combined exercises.
Effectively, all activities under NORDEFCO's Military Cooperation Areas (COPAs) are now opening up for participation by the armed forces of Estonia, Latvia and Lithuania. The focus areas
The training and joint exercise programs connected to CWCP will involve the specialist cyberwarfare and secure communications units from the seven participating Nordic and Baltic militaries. The CWCP, which will weigh cost benefits and operational gains before deciding on which specific cyber warfare programs to jointly pursue, will also seek to build capacity to a level where cooperation can be activated in real time in the face of regarding immediate threat warnings. in the Nordic-Baltic cyber domain.
According to Swedish Defense Minister Peter Hultqvist, the expanded Nordic-Baltic CWCP program will use enhance development of cyber-defense capabilities, leveraging from processes, techniques and strategies that are already in place, or under development, by national military and law enforcement cyber defense and cyber anti-crime centers.
"Cyber defense cooperation will be about the Nordic and Baltic militaries sharing information and practices, training and learning from one another while building a combined capacity," Hultqvist said. adding that the cyber warfare domain has become a new battleground for countries and their interests..
The CWCP's program's goal of building an effective combined capacity will involve serial training programs and exercises both to share information and test new and evolving cyber attack scenarios and defense technologies. , as well as to run simulated trials and tests on latest offensive techniques and counter attack strategies.
Initially, one of the primary training areas focal points within the CWCP will be to develop CERTs within the framework of dedicated military run national cyberwarfare units. Planned competence Building training between CERTs from participating Nordic and Baltic countries will aim to develop help the CWCP achieve a comparable standard across all core cyberwarfare defensive and offensive functions.
"For this area of Nordic-Baltic cooperation to work we will need strong and clear cyberwarfare policies at a national level, also in Finland. We need the ability to wage cyberwarfare as an alternative to conventional armed conflict response. Joint training and exercises will be critical to success," said Carl Haglund, Finland's defense minister.
Future CWCP training programs within the scope of the CWCP will use or test new processes and technologies emanating from national centers, including evolving capacities that give national cyber defense units the ability and offensive option to launch own cyber attacks against hostile "intruder enemies."
The It is expected that training and exercises around the CWCP's future offensive warfare operations will not happen before legislative changes are enacted in all Nordic and Baltic states that recognize cyberwarfare attacks as a significant threat to both national sovereignty and the protection of critical infrastructure.
"Having a cyberwarfare capability gives countries options to target enemies other than direct armed force," said Haglund.
"A cyber attack needs to be viewed in the same manner as a conventional military operation," said Anders Henriksen, an international law expert at the University of Copenhagen. "This means it would require the approval of national parliaments. After all, when a country goes to war it is parliament that declares war and the military that carries out the instruction." Henriksen said.
The CWCP's training and exercises will in part be structured on Denmark's experience in fending off cyber attacks in 2012 against both government departments and , as well as private Danish defense companies connected to the F-35 Lightning 11 program.
Since the 2012 attacks, the Danish Defense Intelligence Service (Forsvarets Efterretningstjeneste) has been steadily building its capability to a level where Denmark's Cyber Defense Unit (CDU) will be able to conduct run offensive operations strikes against either foreign states, criminals persons or organizations in cyberspace.
The Danish government has allocated US $70 million, during 2015-2017, to build the CDU's capability to counter-strike level. This expertise, under the remit of the expanded Nordic-Baltic defense deepening agreement, will be shared with the CWCP.
To maximize advantage in the cyberwarfare offensive training, exercises and development space, Nordic countries must address the legal issues that permit counter-strikes, using sophisticated weaponry against hostile attackers, said Anders Henriksen, an international law expert at the University of Copenhagen.
"A cyber attack needs to be viewed in the same manner as a conventional military operation. This means it would require the approval of national parliaments. After all, when a country goes to war it is parliament that declares war and the military that carries out the instruction," Henriksen said.
The Norwegian armed forces' (NAF) Cyber Force Unit (CFU) is expected to share its emerging offensive and defensive cyber warfare capabilities with the CWCP. The unit NAF's CFU is developing digital weapons to protect the military's computer systems and IT infrastructure.
The expanded Nordic-Baltic cyber defense cooperation deepening framework around cyber warfare training and exercises is expected to develop lead to closer contacts between Nordic cyber defense units and CDUs and the Estonian-based CCDCE, which was established in May 2008.
Finland has a non-NATO Contributing Participant relationship with the center, while Latvia and Lithuania are among the 14 sponsoring nations. including a list that includes France, the Czech Republic, Germany, Hungary, Italy, Britain, the Netherlands, Poland, Slovakia, Spain, and the United States.
"Estonia's cyberwarfare competence developed quickly after we sustained massive and sustained cyber attacks in April 2007. We are still learning, and cyber defense is certainly an area that needs to be part of defense cooperation with our neighboring Nordic state partners," said Estonia's Defense Minister Sven Mikser.
Nordic military cyberwarfare experts are due to attend cyber attack technical skills training modules that are scheduled around the CCDCE's Locked Shields training exercises on April 20. (2015).
Conducted as real-time network defense training and exercises, Locked Shields will test trial new technologies, attack sectors and developing threat scenarios. The Estonian defense forces' (EDF) cyber range, which exists as a customized training environment that allows NATO to meet certain cyber defense challenges, will form the backbone of the annual game-based training and exercise.
Nordic and Baltic states will be among the 18 participating nations, along with NATO's Computer Incident Response Capability Technical Centre. (NCIRC-TC). New attack vectors to be introduced during the training and exercises will include ICS/SCADA (integrated communications system/supervisory control and data acquisition systems, and Windows 8 and 10 operating systems, as well active defense elements.
National Blue Teams will comprise the training audience for the Locked Shields' exercises, with CERT specialists playing the role of the rapid reaction teams of the fictional country of Berlya.
NORDEFCO-attached CDU experts will also be updated on the CCDCE's advances in defending mobile communications devices, with the emphasis on using security protocols and improved encryption to protect equipment used by high-level officials and decision-makers.