HELSINKI — Cyberwarfare technology training has been identified as a new project area within the military-run Nordic Defense Cooperation (NORDEFCO) program.
NORDEFCO will pool information gained from military-operated cyber defense centers with research and intelligence received under partnership agreements with cyber crime law enforcement units.
Training will focus on best practices in the joint assessment of cyber threats against targets within the Nordic and Baltic militaries, government and industrial spheres.
NORDEFCO's pan-Nordic Cyber Warfare Collaboration Project (CWCP) also will interact with the NATO Cooperative Cyber Defence Center of Excellence (CCDCE), Tallinn, Estonia, which functions as a NATO-accredited research and training facility.
Although the CCDCE primarily serves NATO nations, it does run cooperation projects jointly with specialized cyber military and law enforcement agencies in NATO partner countries, including Sweden and Finland.
The CWCP will also construct training programs around research conducted by the Finnish armed forces' cyberwarfare unit from 2011 to 2014. Using a step-by-step approach, the Finnish computer emergency response team (CERT) developed processes and practices, including the identification of legitimate and suspected hostile targets. The research and training program was conducted in partnership with the military's National Defense University.
Some of the Finnish CERT's work was carried out in collaboration with NORDEFCO under its Combined Training Areas Program (CTAP).
Under CTAP, the Finnish CERT conducted a successful multiphase, pan-Nordic cyber warfare test last October.
The NATO-aligned Baltic states of Estonia, Latvia and Lithuania, under an agreement reached by Nordic defense ministers in mid-April, will join an expanded CWCP in 2015-2016. The inclusion of the Baltic militaries in NORDEFCO's projects reflects the ever-closer relationships being developed between Nordic and Baltic militaries under the umbrella of joint Nordic-Baltic defense projects.
Effectively, all activities under NORDEFCO's Military Cooperation Areas (COPAs) are now opening up for participation by the armed forces of Estonia, Latvia and Lithuania.
The training and joint exercise programs connected to CWCP will involve the specialist cyberwarfare and secure communications units from the seven participating Nordic and Baltic militaries. The CWCP, which will weigh cost benefits and operational gains before deciding on which programs to jointly pursue, will also seek to build capacity to a level where cooperation can be activated in real time in the face of immediate threat warnings.
According to Swedish Defense Minister Peter Hultqvist, the expanded Nordic-Baltic CWCP program will use processes, techniques and strategies already in place, or under development, by national military and law enforcement cyber centers.
"Cyber defense cooperation will be about the Nordic and Baltic militaries sharing information and practices, training and learning from one another while building a combined capacity," Hultqvist said.
The CWCP's goal of building combined capacity will involve serial training programs and exercises to share information and test new and evolving cyber attack scenarios and defense technologies.
Initially, one of the primary training areas will be to develop CERTs within the framework of dedicated military-run cyberwarfare units. Building training between CERTs from participating Nordic and Baltic countries will aim to develop a comparable standard across all core cyberwarfare defensive and offensive functions.
"For this area of Nordic-Baltic cooperation to work we will need strong and clear cyberwarfare policies at a national level, also in Finland. We need the ability to wage cyberwarfare as an alternative to conventional armed conflict response. Joint training and exercises will be critical to success," said Carl Haglund, Finland's defense minister.
Future CWCP training programs will use or test new processes and technologies emanating from national centers, including capacities that give national cyber defense units the ability to launch cyber attacks against hostile "intruder enemies."
The training and exercises around the CWCP's future offensive warfare operations will not happen before legislative changes are enacted in all Nordic and Baltic states that recognize cyberwarfare attacks as a significant threat to national sovereignty and critical infrastructure.
"Having a cyberwarfare capability gives countries options to target enemies other than direct armed force," said Haglund.
"A cyber attack needs to be viewed in the same manner as a conventional military operation," said Anders Henriksen, an international law expert at the University of Copenhagen. "This means it would require the approval of national parliaments. After all, when a country goes to war it is parliament that declares war and the military that carries out the instruction."
The CWCP's training and exercises will in part be structured on Denmark's experience in fending off cyber attacks in 2012 against both government departments and private Danish defense companies connected to the F-35 program.
Since the 2012 attacks, the Danish Defense Intelligence Service has been steadily building its capability to a level where Denmark's Cyber Defense Unit (CDU) will be able to conduct offensive operations against foreign states, criminals or organizations in cyberspace.
The Danish government has allocated US $70 million, during 2015-2017, to build the CDU's capability to counter-strike level. This expertise, under the remit of the expanded Nordic-Baltic defense agreement, will be shared with the CWCP.
The Norwegian armed forces' Cyber Force Unit is expected to share its emerging offensive and defensive cyber capabilities with the CWCP. The unit is developing digital weapons to protect the military's computer systems and IT infrastructure.
The expanded Nordic-Baltic cyber defense cooperation is expected to develop closer contacts between Nordic cyber defense units and the Estonian-based CCDCE, which was established in May 2008.
Finland has a non-NATO Contributing Participant relationship with the center, while Latvia and Lithuania are among the 14 sponsoring nations.
"Estonia's cyberwarfare competence developed quickly after we sustained massive and sustained cyber attacks in April 2007. We are still learning, and cyber defense is certainly an area that needs to be part of defense cooperation with our neighboring Nordic state partners," said Estonia's Defense Minister Sven Mikser.
Nordic military cyberwarfare experts are due to attend cyber attack training modules that are scheduled around the CCDCE's Locked Shields training exercises on April 20.
Conducted as real-time network defense training and exercises, Locked Shields will test new technologies, attack sectors and developing threat scenarios. The Estonian defense forces' cyber range, which exists as a customized training environment that allows NATO to meet certain cyber defense challenges, will form the backbone of the annual game-based training and exercise.
Nordic and Baltic states will be among the 18 participating nations, along with NATO's Computer Incident Response Capability Technical Centre. New attack vectors to be introduced during the training and exercises will include integrated communications system/supervisory control and data acquisition systems, and Windows 8 and 10 operating systems, as well as active defense elements.
National Blue Teams will comprise the training audience for the Locked Shields exercises, with CERT specialists playing the role of the rapid reaction teams of the fictional country of Berlya.
NORDEFCO-attached CDU experts will also be updated on the CCDCE's advances in defending mobile communications devices, with the emphasis on using security protocols and improved encryption to protect equipment used by high-level officials and decision-makers.