HELSINKI — Denmark has responded to a series of cyber attacks against private and state defense organizations by establishing an Offensive Cyber Warfare (OCW) unit to repel assaults and launch counter-strikes.
A $74 million capital provision has been added to the Defense Ministry's budget in 2015-2017 to cover the OCW's formation and operational costs.
The task of establishing and operating the OCW will fall to the Danish Defense Intelligence Service (DDIS). The DDIS operates as a department of the MoD and is Denmark's chief agency for military and foreign intelligence.
The OCW project was spun from a recommendation by the Danish Defense Commission (DDC) in 2012 that advocated the reinforcement of Danish cyberwarfare technologies and capacities under the government's coordinated national cyber defense strategy plan.
The DDC's recommendation was followed in 2013 by the Danish government's National Plan for Cyber Security. This included a proposal to add a more dynamic offensive capability to the existing defensive-based approach to cyber.
Denmark's current cyberwarfare apparatus is primarily equipped to protect military computer systems from hacking and disruption. The infrastructure does not have a specific focus on developing offensive responses against malefactors bent on infiltrating defense or industrial IT platforms.
Significantly, the DDIS's upgraded role means the organization will become Denmark's front-line gatekeeper to thwart foreign and domestic cyberwarfare threats. Moreover, the agency will be responsible for operating defensive and offensive "weaponry" against hostile actors or organizations.
The $74 million allocation is being arranged by the Ministry of Finance. Apart from the OCW's initial set-up and equipment costs, around 50 percent of the capital sum will go to developing advanced offensive cyberwarfare technologies, skills and "counter-strike weaponry." Some of this niche work will be carried out in collaboration with Danish universities and defense research organizations.
"It is fundamental that we strengthen in the area of managing information security across the board, both at the state level and our distributors. To achieve this, we need to have a highly capable, determined and ambitious national cyber defense strategy," said Bjarne Corydon, Denmark's finance minister.
Denmark's aggressive approach to offensive cyber capability comes after a series of cyber attacks against indigenous defense companies believed to have included Terma, key government ministries, among them defense and industry departments.
Other organizations, such as the Danish Maritime Authority and Statens IT, the Danish state organization responsible for providing IT services to many government authorities and departments, also came under cyber attack.
The Danish government, based on intelligence reports from the DDIS and other state surveillance agencies, confirmed in September that parts of the country's core defense, industrial and government IT infrastructure had been subjected to repeated "information gathering" cyber attacks since 2008.
"We are talking about a sophisticated campaign of cyber espionage that was first detected in 2008 and which continued up to the end of 2012. There have been attacks since, but few as complex or aggressive. The main target appears to have been the systems of the leading Danish defense firms, and especially those subcontracting to Lockheed's F-35 Joint Strike Fighter development program," said Marc Wauters, a political analyst based in The Hague.
Although unable to confirm the precise origin of the attacks on defense groups, Danish intelligence services suspect the cyber assaults were launched by hackers in China. Defense company leaders were alerted to the serial attacks by the DDIS in late 2013, said Thomas Lund Sørensen, the DDIS's director.
The formation of the OCW, coupled with Denmark's drive into offensive cyberwarfare, may require legal changes to redefine cyber threats as another form of conventional or alternative military warfare, said Anders Henriksen, an international law expert at the University of Copenhagen.
According to Henriksen, the Danish Parliament may be required to decide if "offensive cyberwarfare falls into the same category as traditional military operations" that are structured to deal with threats against Danish national security and sovereignty.
The need for offensive cyberwarfare mechanisms brings Denmark into a "new realm of national defense and legal structures," said Troels Lund Poulsen, the defense spokesman for Denmark's Liberal Party.
"It will become more important for the national Parliament, as Denmark develops advanced offensive cyberwarfare technologies and capacity, to have adequate supervisory tools in place to regulate the DDIS's operations and examine how the military may use the new offensive cyberwarfare weaponry at its disposal," Poulsen said.