BRUSSELS - NATO is accelerating its efforts to counter the potential threat from cyberattacks. One key move is a concept that is being developed in which a couple of cyberdefense rapid-reaction teams will be on call and available for immediate deployment after a member country requests support.
Ad hoc teams have already been sent to places like Estonia and Georgia after cyberattacks were launched against these countries in 2007 and 2008, respectively. The rapid-reaction teams are a vital aspect of part two of the three-point Cyber Defence Programme agreed to at the 2002 NATO summit in Prague.
Part two is designed to bring the NATO Computer Incident Response Capability (NCIRC) up from interim to full operating capability by ensuring that all NATO systems are covered. This is expected to happen gradually over a minimum of 18 months.
Currently, NATO detects probes by would-be attackers of its Web sites and counters them as they happen. Attacks on NATO's internal systems are virtually nonexistent, a NATO source indicated, although the organization is putting in place measures to prevent incidents caused by user error and to prevent users from importing viruses.
"The third phase consists of incorporating lessons learned from phase one and two, as well as using the latest cyber defence measures to enhance NATO's cyber defence posture," states a NATO press release.
Earlier this year, at the NATO summit in Strasbourg, France, and Kehl, Germany, NATO countries said they "remain committed to strengthening communication and information systems that are of critical importance to the Alliance against cyberattacks, as state and nonstate actors may try to exploit the Alliance's and Allies' growing reliance on these systems."
NATO's cyberdefense policy, as agreed to at that summit, comprises a NATO Cyber Defence Management Authority, an improved Computer Incident Response Capability and a Cooperative Cyber Defence Centre of Excellence in Estonia.
The latter center, which was formally set up in May 2008, is an analytical center whose activities include organizing meetings of experts and carrying out research and development projects. Its sponsoring nations are Estonia, Latvia, Lithuania, Germany, Italy, the Slovak Republic and Spain.
But NATO is also looking further ahead. John Osterholz, chair emeritus of the technical council of the Network Centric Operations Industry Consortium (NCOIC) and vice president of cyberwarfare and cybersecurity for BAE Systems, said the NCOIC had been asked by NATO's Allied Command Transformation to look into three operational challenges:
■ Providing dynamic situational awareness, such as knowing what is happening around NATO on its network in real time and how NATO can know that there has been a cyberattack.
■ Showing how NATO and national operators can sustain critical operations through a cyberattack, albeit in a degraded manner.
■ Sharing the information about a cyberattack.
Osterholz described the follow-up work as the development of a pattern of standards and architectural guidance for the international sharing of information about a cyberattack. He also pinpointed identity management as a key issue, i.e., "developing the trust relationship to ensure that the data you are sharing is with the person that you think it is."
For cyberdefense to be useful, it needs to apply both in the NATO military environment and in civilian areas such as humanitarian disasters, in which the European Union is particularly interested, according to Osterholz. For military operations, he suggested that "relatively modest controls on privacy" would be needed compared with civilian ones, where personal data would be more of an issue.
Meanwhile, a broader debate is brewing over whether NATO's stance that an attack against one is an attack against all could apply to cyberdefense. In a June 8 speech at the Security and Defence Agenda think tank, U.S. Ambassador to NATO Ivo Daalder asked whether this commitment would cover, for example, "aggression in the form of energy strangulation, or a cyber- or bioweapons attack from an unknown origin."
"NATO's founding fathers could not have foreseen these threats in 1949, but such terrors are all too plausible today," Daalder said. "And the applicability of Article 5 in response to new threats must be just as certain and credible as it has been since 1949." He was speaking in the context of NATO's upcoming rewrite of its "Strategic Concept," which he described as "out-of-date and out-of-touch."
A similar point was made by analyst Greg Austin, vice president of the East-West Institute, who is leading a project on cybersecurity.
"In launching work on its new security concept, NATO officials have flagged their efforts to understand how the mutual commitment to defense of all members might play out in the event of a major cyberattack by one state on another," Austin said.
In the context of the resumption of the NATO-Russia Council, a NATO diplomat said that military-to-military cooperation between Russia and NATO "could include cyberdefense" but added that "there is no great trust towards Russia on this area" and that it is "unlikely to be a fruitful area."
E-mail: jhale@defensenews.com.