Tomasz Siemoniak (Agence France-Presse)
ROME — Since Estonia suffered a crippling cyberattack in 2007, generally attributed to Russian hackers, European states have slowly been organizing their disparate cyber crime and security organizations under national coordinating committees, bringing military commanders into contact with intelligence agencies, police forces and private industry.
The new furor over US spying on European Union nations will likely heighten efforts in the region to strengthen defenses against economic and political cyberattack from political and economic adversaries and allies alike.
In Italy, a decree issued by the Cabinet in January sought to impose a chain of command on a series of cybersecurity operations launched in recent years by law enforcement and state agencies.
The decree puts the prime minister at the top of the pyramid but gives operational authority to the head of the DIS, the Italian intelligence agency that oversees both overseas and domestic operations.
“The DIS has led this reorganization and has taken a central role,” said Stefano Mele, a cyber analyst with the Italian Institute for Strategic Studies. “It is the first real step toward an operational approach to cybersecurity.”
“The Italian cyber strategy is defensive,” an Italian intelligence source said.
The new setup, which is reportedly still being staffed, involves a political committee to propose strategy to the prime minister, drawing representatives from the ministries of foreign affairs, interior, defense, justice, economy and economic development.
A permanent monitoring center is also being established, to be run by the prime minister’s military adviser.
Mele said the new center would be open 24 hours a day to monitor threats.
“Police units have previously mounted 24-hour monitoring operations, but the new setup moves beyond a focus on cyber crime to cyberwarfare,” he said.
The center can also activate a crisis unit, drawing on various ministries when an attack threatens national security.
One analyst feared the new structure was too complex to react quickly to cyber threats.
“The chain of command is too long and complicated to respond to attacks, which are by definition fast, but this is a start,” said Raoul Chiesa, a cybersecurity consultant to the UN.
The Italian military’s cyber defense operation, which is run by the General Staff in Rome, continues on a parallel track to the new civilian setup, but there would be crossovers, Mele said.
“The key role given the prime minister’s military adviser is no coincidence,” Mele said.
Responsibility for German cybersecurity is divided among many players on the federal and state levels. The National Cyber Defense Center, under the federal Interior Ministry, was founded in April 2011, involving the military, the police, the secret service and other security and civil defense organizations.
Additionally, a National Cyber Security Committee has been set up to decide wider cybersecurity policy, involving the chancellery, various ministries, the states and industry representatives as associate members.
While these are all defensive measures, the Bundeswehr acknowledged last year that it had a Computer Network Operations Team capable of offensive action. It is part of the Strategic Reconnaissance Command and stationed in Rheinbach, near Bonn. Press reports suggest the unit started training a couple of years ago and reached initial operational capability in 2012.
However, actual offensive operations would require the approval of the German parliament, as all German military actions do.
The team is not represented in the National Cyber Defence Center nor is it responsible for the defense of the military itself against cyberattacks; the military has built up a separate IT security organization.
Cybersecurity spending in the UK emerged unscathed from a new round of government austerity measures announced by Chancellor George Osborne for the 2015-16 financial year.
The Treasury said cyber was a national security priority and investment in the area will continue to grow in 2015, including a £210 million (US $320 million) investment in the National Cyber Security Programme (NCSP).
That money builds on £650 million in funding set aside in the 2010 Strategic Defence and Security Review to tackle cyber threats and turn the problem into an opportunity for the British security industry.
The initial four-year spending program, started in 2011, allocated an extra £384 million to the intelligence services over the period with the Ministry of Defence-allocated £90 million.
That money is in addition to other cyber funding streams for the intelligence agencies and government departments — figures that are not aired in public.
The review said cyberattacks were among the government’s four top security risks.
That review was followed at the end of 2011 by a new UK cybersecurity strategy that sought to better protect cyberspace interests and build the capabilities needed to combat the growing problem.
Only last week, Iain Lobban, the head of the government’s intelligence-gathering operation, GCHQ, told the BBC that business secrets were being stolen in Britain on an “industrial scale.”
Government and industry networks are targeted by sophisticated cyberattacks about 70 times a month, often by other states, he said.
GCHQ has already invested in new capabilities to identify and analyze hostile cyberattacks, and now plays host to a new Joint Cyber Unit set up in partnership with the MoD to help counter threats to the UK.
Another MoD initiative will likely see the armed services set up a “Cyber Reserve” to harness the talents of industry specialists and others.
Meanwhile, Poland is increasing the cyber defense and combat capacities of its armed forces — one of the priorities of the modernization of the Polish armed forces, according to a white paper on national security, released in May by the National Security Bureau.
The paper “recommends a national cyber defense system … integrated with similar systems of [other NATO member states],” the document said.
The paper also recommends the armed forces receive “mechanisms and systems for offensive activities in this area, and treated as an element of support to conventional activities.”
Poland’s cybersecurity efforts are largely driven by the massive cyberattacks that targeted Estonia in 2007 and crashed the Baltic state’s Internet infrastructure, local analysts said.
Two organizations set up to avoid the fate of Estonia will become operational next year.
The Polish Ministry of Defense and the Internal Security Agency, Poland’s domestic intelligence agency, are aiming to launch the National Cryptology Center, designed as a “response to the newest cyber threats … which should bring a breakthrough in what concerns [Poland’s] cybersecurity,” Polish Defense Minister Tomasz Siemoniak said.
A new unit within the Ministry of Defense will also foster the development of information technologies for military purposes.
The planned Inspectorate of Implementation of Innovative Technologies will be modeled on the US Defense Advanced Research Projects Agency, according to Siemoniak.
Closer collaboration in developing common platforms to counter cyber threats has been given priority status by the Nordic militaries’ cooperation vehicle, Nordic Defense Cooperation (NORDEFCO).
The need for a robust Nordic dialogue and pan-Nordic interaction is highlighted in the study, “Cyber Defense in the Nordic Countries and Challenges of Cyber Security,” produced by the Finnish National Defense University and delivered to NORDEFCO in January.
The study generated a report, “The Fog of Cyber Defense,” which is expected to provide a road map for future cyber threat cooperation among Norway, Finland, Sweden, Iceland and Denmark. It is anticipated that the first cross-border projects to develop common anti-cyber threat policies and strategies could emerge as soon as 2014.
In the meantime, the five Nordic states are working to strengthen their domestic cyber defense capabilities. All have, or are in the process of, establishing national cyber defense centers that can draw expertise from military and national intelligence units, as well as cyber threat divisions within the communications regulatory authorities in each country.
Recommendations advanced in the “The Fog of Cyber Defense” include a pan-Nordic political initiative to pursue cooperation. This would entail developing a sophisticated cyberspace information exchange platform supported by each country’s cyber defense center; development of a common cyber strategy; the holding of joint interoperability exercises to enhance linguistic, procedural and technical compatibility; the establishment of a common Nordic Cyber Defense Center; and the possibility of standardizing legislation on cyber defense cooperation.
NORDEFCO is running a so-called Cooperation Area research program to ascertain the cost benefits and operational gains from Nordic cyber defense cooperation that would specifically deal with immediate threat warnings.
On a national level, Norway established a dedicated cyber defense unit under the management of the Ministry of Defense in 2012. The unit merges the cyber threat and defense capabilities of the Armed Forces Command’s Norwegian Military Intelligence Service, the National Security Authority and the Norwegian Police Security Service.
Denmark established a Center for Cyber Security under the direction of the Ministry of Defense in December, while Finland launched its Total Society Cyber Security Strategy in January, a four-year strategy that aims to have a dedicated cyber defense center and acomprehensive countermeasures infrastructure in place in 2016.
In Sweden, the government established a National Cyber Defense organization in January, which will share information from frontline cyber units within the military’s signals intelligence wing FRA, the military intelligence unit MUST and the Swedish national police intelligence service, Säpo.
Albrecht Müller in Bonn, Andrew Chuter in London, Jaroslaw Adamowski in Warsaw and Gerard O’Dwyer in Helsinki contributed to this report.